'^•com 


MCI  woes  mount  Experts  say  latest  scandal  dogging 

MCI  might  take  a  bite  out  of  post-bankruptcy  sales.  PAGE  12. 


VPN  faceoff  Industi7  experts  debate  the  merits 
of  SSL-  based  VPNs  vs.  IPSec  VPNs.  PAGE  48. 
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Some  VoIP  users 
still  cling  to  TDM 


■  BY  PHIL  HOCHMUTH 

Enterprise  telephony  vendors 
are  clear  that  IP  is  the  future,  but 
customers  haven’t  universally 
agreed  how  to  get  there.  Some 
companies  that  made  grand 
commitments  to  IP  telephony 
are  scaling  back  to  hybrid  envi- 


result  of  a  hostile  attack. 

Ironically,  it  was  voice  over  IP 
(VoIP)  that  helped  Merrill  Lynch 
recover  and  keep  business  run¬ 
ning  after  its  operations  were 
affected  by  the  Sept.  1 1  attacks  in 
New  York,says  Anita  Dulude,  tech¬ 
nical  service  director  with  the  in¬ 
tegration  firm  ThruPoint,  which 


I  AMy  PBX  has  fiv&nines  reliability. 
Why  not  IP-enable  that  PBX 
instead  of  installing  a  [serve^ 
based  IPPBX]?i9 

James  Sposito,  telecommunications  manager, 
Penn  State  University  at  Altoona 


ronments,  while  others  are  forg¬ 
ing  ahead  with  pure-IP  conver¬ 
gence  plans. 

News  last  week  that  Merrill 
Lynch  is  migrating  from  a  Cisco- 
based  IP  telephony  network  it  in¬ 
stalled  in  2000  to  an  environment 
based  on  a  mix  of  Avaya-based  IP 
and  TDM  telephony  gear  raised 
eyebrows  among  industry  watch¬ 
ers.  A  Merrill  Lynch  spokesman 
says  the  company  was  con¬ 
cerned  that  having  data  and 
voice  on  one  network  could 
leave  the  firm  susceptible  to  out¬ 
ages,  either  accidental  or  the 


was  involved  in  the  IP  telephony 
installation  at  Merrill  Lynch’s 
Hopewell,  N.J.  campus  in  2000. 

“It  was  easy  for  [Merrill  Lynch] 
to  move  workers  and  deploy 
phones  in  a  short  period  because 
data  network  ports  were  avail¬ 
able,”  Dulude  says.“If  it  were  a  TDM 
solution  it  would  have  taken  twice 
as  long  to  do  what  they  did.” 

Dulude  says  the  Merrill  Lynch 
VoIP  network  was  sound  when 
the  installation  was  completed. 
“They’ve  upgraded  [their  IP 
PBXs]  numerous  times  and  really 
See  VoIP,  page  60 


Linux  marches  on 


Vendors  ready  to  showcase  latest 
wares  at  this  week’s  LinuxWorld. 

■  BY  JENNIFER  MEARS  AND  PHIL  HOCHMUTH 

Despite  the  specter  of  The  SCO  Group’s  legal  scuf¬ 
fle  with  IBM  and  Linux  users,  big  players  such  as 
BEA  Systems,  HI)  IBM,  Sun  and  Veritas  will  roll  out 
products  and  services  at  this  week’s  LinuxWorld 
Conference  &  Expo  in  San  Francisco. 

The  legal  battle  is  expected  to  have  little  effect  — 
save  for  being  a  hot  topic  of  conversation  —  at 
LinuxWorld,  the  first  since  SCO  filed  its  $3  billion 
lawsuit  against  IBM  alleging  the  company  had  inap¬ 
propriately  used  portions  of  proprietary  Unix  code 
to  beef  up  Linux  scalability  Instead, show-goers  can 
expect  to  find  a  long  list  of  announcements  from 
major  vendors  that  are  pushing  Linux  into  more- 
critical  data  center  roles. 

IBM  jumped  the  gun  last  week  in  announcing  a 
pre-integrated  Linux  cluster. The  cluster  includes 
Linux  on  the  company’s  new  32-/64-bit  AMD 
Opteron-based  servers  packaged  with  network 
switches  and  storage.  It  also  comes  with  IBM’s  new 
DB2  Integrated  Cluster  Environment,  which  can 
support  up  to  1,000  nodes,  the  company  says. 

HP  also  will  announce  pre-integrated  Linux  clus¬ 
ters  and  a  tighter  relationship  with  BEA  to  support 
BEAs  application  server  on  Linux.  HP  and  IBM  are 
expected  to  announce  a  slew  of  management  prod¬ 
ucts  for  Linux,  enabling  their  flagship  management 
systems  to  run  natively  on  the  Linux  platform. 

For  its  part, Veritas  will  unveil  clustering  tools  for 
IBM  DB2,  MySQL  and  Oracle  databases  to  increase 
recovery  and  step  up  availability  of  those  applica¬ 
tions  running  on  Linux. 

See  LinuxWorld,  page  14 


Microsoft  marshals  forces  to  try 
to  stem  open  source  momentum. 

■  BY  JOHN  FONTANA 

Linux’s  bark  is  turning  into  a  bite  for  Microsoft.  As 
a  result,  the  software  giant  is  stepping  up  to  protect 
itself  and  keep  corporate  customers  from  turning 
to  the  open-source  operating  system  to  satisfy  ser¬ 
ver  and  desktop  needs. 

The  company  says  Linux,  which  gained  double¬ 
digit  market  share  in  the  past  12  months,  is  its  No.  2 
challenge  behind  the  slumping  economy.  That 
assessment  —  together  with  Microsoft’s  efforts  to 
smooth  customer  discontent  over  its  costly  and 

See  Microsoft,  page  16 


Linux  growth 

Linux  is  climbing  up  the  server 
operating  system 
ladder,  based 


on  IDC  and 
Microsoft 
data.  Overall, 
Microsoft 
still  has  near¬ 
ly  half  of  the 
server  oper¬ 
ating  system 
market,  ac¬ 
cording  to 
IDC. 
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We  tested  five  dedicated  compression 
devices  and  found  that  they  can 
significantly  improve  network  performance. 


Page  43. 
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The  human  body  has  an  amazing  capacity  to  adapt  to  shifting 
demands.  So  do  IBM  TotalStorage  products. The  IBM  TotalStorage 
Virtualization  Family  manages  your  individual  storage  resources 
as  one  common  virtual  pool.  It  can  then  allocate  storage  to  your 
servers,  helping  to  improve  availability  and  utilization.  On  demand. 
Helping  to  lower  your  costs. 

TotalStorage;  storage  for  on  demand  business. 

Can  you  seo  it?  See  it  at  ibm.com/totalstorage/ondemand 


WHO  BUILDS  THE  MOST 
RELIABLE  AND  SECURE 
NETWORKS  FOR  THE 
U.S.  MILITARY? 


Extreme  Networks. 

The  world’s  most  sophisticated  military 
won’t  tolerate  end-to-end  delays  or  network 
downtime.  That’s  why  the  U.S.  Military  chose 
Extreme  Networks  to  meet  its  strategic 
technology  requirements. 

We  are  an  established  leader  in  developing 
network  infrastructures  for  IP-based 
applications  designed  for  large  enterprises 
and  metro  service  providers.  Anticipating 
the  millions  of  connections  networks  must 
support  in  the  future,  we  deliver  a  Business 
Optimized  Infrastructure  that  provides 
explosive  scalability,  eliminates  capacity 
issues  and  enhances  application  performance 
at  the  lowest  total  cost  of  ownership. 

To  learn  more,  visit 
extremenetworks.com/boi.htm 
or  call  888.257.3000. 
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Supersizing  existing  WAN 
connections: 

We  tested  five  dedicated  network  compression 
devices  and  found  that  all  the  products  can 
significantly  improve  the  performance  of  your 
network.  Page  43. 


FaceOfh  Are  SSL-based  VPNs  a 
better  bet  than  IPSecbased  VPNs 

Two  industry  experts  debate  the  strengths  and  weaknesses 
of  the  various  types  of  VPNs,  Page  48. 
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Interactive 

Multimedia  presentation:  Collaborative 
workspaces  and  virtual  teaming 

Brett  Trusko,  a  management  consultant  and  futurist  with  IRG/Future- 
Org,  takes  a  deeper  look  at  the  factors  used  in  our  recent  test  of  the 
various  collaboration  workspaces  and  provides  tips  for  would-be  buyers 
looking  into  the  technology. 

DocFinder;  7037 

Are  you  making  what  you're  worth? 

Plug  in  some  information  about  your  background,  skills  and  Job  into 
our  Salary  Calculator,  and  well  tell  you  what  you  should  be  making 
when  compared  with  your  peers.  One  note:  The  data  you  enter  is  not 
stored  permanently.  It's  kept  in  RAM  only  long  enough  to  calculate 
your  expected  salary  and  total  compensation, 

DocFinder;  6821 

Seminars  and  events 

The  New  Data  Center:  Powering  the  Enterprise 

The  new  data  center  is  the  new  driving  force  of  the  enterprise,  rising 
to  take  command  and  control  through  consolidation  and  virtualization, 
automation  and  efficiency.  If  your  data  center  isn't  fully  metered,  fully 
accountable  and  fully  effective,  don't  miss  this  Network  World 
Technology  Tour  event.  The  event  is  free  to  qualified  professionals  only. 
DocFinder:  6646 
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I  Columnists 

I  Compendium 

I  Putting  whitespace  to  work 

i  Fusion  Executive  Editor  Adam  Gaffin  says  move  over,  Java. 

Give  it  a  rest,  Python,  Whitespace  is  the  hot  new  program- 
i  ming  language. 

{  DocFinder:  7038 

I  Wireless  Wizards 

^  What  are  location  determination  algorithms? 
i  The  Wizards  help  Ravi  from  India  determine  how  they  work  for 
wireless  LANs  and  their  accuracy. 

DocFinder:  7039 

Telework  Beat 

HomePNA  enjoys  loyal  but  shrinking  fan  base 
Net.Worker  Managing  Editor  Toni  Kistner  lets  readers  recount 
why  they  like  the  technology,  despite  clear  signs  its  days  are 
numbered  DocFinder  7040 

Digital  Domicile 

1  Testing  new  media  adapters 

Columnist  Mike  Wolf  says  the  Linksys  Wireless-B  Media 
j  Adapter  stresses  simplicity  and  ease  of  use. 

DocFinder  7041 
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I  Breaking  News 

i  Exclusive  up-to-date  news  every  day.  DocFinder:  6342 

Free  e-mail  newsletters 

Sign  up  for  any  free  e-mail  newsletter.  DocFinder  6343 
What  Is  DocFinder? 

We've  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the  home 
page,  and  you’ll  Jump  directly  to  the  requested 
information. 
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Stor^eNetworks  closes  shop 

■  StorageNetworks,  the  once  high-flying  storage  service  provider, 
is  liquidating  operations. The  company  last  week  fired  most  of  its 
employees  and  announced  that  CEO  Paul  Flanagan  was  leaving 
immediately  The  troubled  company  had  been  on  the  market  for 
months  but  failed  to  attract  a  buyer.  The  only  thing  left  now  is  a 
small  team  whose  job  is  to  hammer  closed  the  shutters.  In  its  hey¬ 
day,  StorageNetworks  provided  online  storage  for  a  bevy  of  pri¬ 
marily  dot-com  companies  that  didn’t  have  their  own  storage 
resources  and  its  stock  reached  $154  per  share.  A  number  of  sim¬ 
ilar  service  providers  have  gone  out  of  business,  including 
StorageProvider,  SANrise  and  ScaleS.  Several  companies  remain, 
although  most  have  tweaked  their  business  models. 

Report  shows  LAN  switch  paradox 

■  The  LAN  switch  market  is  shrinking,  but  demand  for  products  is  higher  than  ever. 
Falling  prices  are  the  cause  for  this  paradox,  according  to  a  recent  report  from  In- 
Stat/MDR  that  shows  Ethernet  switch  sales  dipped  from  $14.9  billion  in  2001  to  $12.4  bil¬ 
lion  in  2002.  However,  port  shipments  jumped  12%  over  the  same  time,  going  from  137 
million  ports  shipped  in  2001  to  155  million  in  2002.  One  of  the  hottest  categories  in  the 
market  are  Layer  3  switches.  The  report  says  that  Layer  3  was  the  fastest-growing  seg- 
ment,iumping  13.8%  in  port  shipments. Overall  prices  for  LAN  ports  fell  from  $109  per 
port  in  2001  to  $86  in  2002. 

Bill  calls  for  control  of  government  snooping 

■  Civil  liberties  groups  including  the  Electronic  Frontier  Foundation  and  the  Center 
for  Democracy  and  Technology  are  throwing  their  support  behind  a  piece  of  legisla¬ 
tion  that  would  require  U.S.  agencies  to  report  to  Congress  about  the  personal  infor¬ 
mation  they  collect.  Sen.  Ron  Wyden  (D-Ore.)  last  week  introduced  the  Citizens’ 
Protection  in  Federal  Databases  Act  of  2003.  The  bill  would  require  federal  law 
enforcement  and  intelligence  agencies  to  disclose  when  they  subscribe  to  commer¬ 
cial  databases  of  personal  information.  Wyden’s  legislation  would  require  reports 
from  U.S.  agencies  including  Department  of  Justice,  Department  of  Homeland 
Security,  Department  of  Defense  and  the  FBI.  The  reports  would  have  to  disclose 
agency  contracts  to  obtain  commercial  data,  how  the  agencies  analyze  the  data,  and 
the  privacy  guidelines  used  by  the  agencies. The  bill  also  prohibits  federal  agencies 
from  conducting  searches  of  commercial  data  to  create  hypothetical  scenarios  of 
future  terrorist  attacks. 
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■  Th^Goocrn^eBadllieUgly 


IPO  momentum?  Netgear,  which  sells  net  hardware  to  small  businesses, 
last  week  priced  its  IPO  of  7  million  shares  at  S14  apiece,  a  few  bucks  higher  than  { 
expected.  Service  provider  iPass  had  a  similar  experience  with  its  recent  IPO.  Dare 
we  interpret  this  as  a  sign  of  recovery? 


Sure,  e-mail  is 
important  but .  7! 

About  one-third  of  IT 
managers  surveyed  by 
Veritas  report  that  they  would 
consider  a  weeklong  e-mail 
outage  at  their  workplace 
more  traumatic  than  moving 
to  a  new  home ...  a  car 
accident ...  or  even  divorce. 
Makes  you  wonder:  Might  two 
weeks  trump  war  and 
pestilence?  > 

When  patches 
go  bad. 

Microsoft  confessed  last  week 
that  a  Windows  NT  patch 
released  July  23  actually 
causes  the  Routing  and  Remote 
Access  Service  on  NT  4.0 
machines  to  fail. 


NOAH  JONES 
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opportunities,”  the  company  said.  Daniel  Caclin,  COO  at  the  carrier,  will  replace 
Delepine  as  Equant’s  president  and  CEO.  Caclin  was  CEO  at  Global  One  before  its 
merger  with  Equant.  Caclin  has  been  COO  at  Equant  since  June  2001. 

Secure  Computing  snaps  up  N2H2 

■  Secure  Computing  last  week  acquired  N2H2,  a  maker  of  Web-based  content-filtering 
products  called  Bess  and  Sentian,  which  can  be  integrated  with  Cisco  firewalls  and  the 
Cisco  Content  Engine.The  $20  million  acquisition  will  give  Secure  Computing,  which  sells 
SmartFilter  Web  content-filtering  software  in  addition  to  firewall  and  authentication  prod¬ 
ucts,  a  larger  share  of  the  Web-filtering  software  market,  which  IDC  estimated  at  $270  mil¬ 
lion  last  year. 

Sun  acquires  GenterRun  for  N1 

■  Sun  has  agreed  to  acquire  application  provisioning  company  CenterRun  in  a  move 
designed  to  bolster  its  N1  utility-computing  strategy.  Sun  expects  CenterRun’s  software, 
which  is  used  to  deploy  database, Web  and  Java  applications  across  servers,  to  make  ser¬ 
ver,  storage  and  network  resources  easier  to  provision,  manage,  adjust  and  use.  In  the 
past  two  years  Sun  also  has  acquired  virtualization  appliance  start-up  Pirus  Networks 
and  server  provisioning  vendor  Terraspring  as  pieces  of  the  N1  strategy.  Sun  declined  to 
comment  on  the  value  of  the  deal. 


Equant  makes  a  swap  at  the  top 

■  International  service  provider  Equant  announced  last  week  that  its  president  and 
CE(J,  Didier  Delepine,  is  stepping  down.  Delepine  resigned  “to  pursue  other  career 

Milwaukee  Wi-Fi 

Last  week,  the  city  of  Milwaukee  said  it  was  installing  free  Wi-Fi  service  in  two  city 
parks.  “We  are  becoming  a  second-wave  technology  center,"  the  mayor  enthused. 
Read  more  at  www.nu'fusion.com,  DocFinder:  7048. 


Micromuse  gets  new  GEO 

■  Micromuse,  a  maker  of  network  and  service  management  software,  last  week 
announced  Lloyd  Carney,  formerly  COO  and  executive  vice  president  at  Juniper, 
would  take  over  immediately  as  Micromuse’s  CEO  and  chairman.  Mike  Luetkemeyer, 
who  has  served  as  Interim  CEO  since  January,  will  continue  in  his  role  as  CFO  and  as 
a  member  board.  At  Juniper,  Carney  oversaw  a  broad  range  of  business  operations 
including  the  sales,  marketing,  engineering,  manufacturing  and  customer  service 
organizations.  He  has  held  positions  at  Nortel,  including  president  of  the  enterprise 
division  and  president  of  the  wireless  Internet  division.  He  was  responsible  for 
Nortel’s  Optivity  line  of  network  management  software  solutions.  Carney  also  worked 
as  Bay  Networks  in  its  enterprise  business  group  before  Nortel  acquired  it. 


SUN  FIRE  V60X 


THE  NEW  SUN  FIRE'”  V60X  SERVER: 

>  INTEL  XEON  PROCESSOR 

>  RUNS  SOLARIS'”  9  FOR  X86  OR  LINUX  OS 


THE  LOW  COST  MOVE  IS 
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GG  product  evaluation  picks  up  steam 

But  concerns  grow  that  accredited  labs  are  getting  ‘congested’  with  submitted  products. 


IfcThe  whole  reason  behind 
Common  Criteria  and  the  federal 
government  putting  its  program 
in  place  is  to  ensure  IT  products 
have  the  strongest  security.il 


■  BY  ELLEN  MESSMER 

The  government-backed  Com¬ 
mon  Criteria  product-testing  pro¬ 
gram  is  getting  more  attention 
from  vendors  as  the  Department 
of  Defense  widens  its  marching 
orders  to  buy  tested  products. 

However,  new  concerns  are  aris¬ 
ing  that  there  are  not  enough 
accredited  labs  to  easily  handle 
the  submitted  products. 

The  Common  Criteria  program 
started  in  the  mid-1990s  with  a 
half-dozen  countries,  including 
the  U.S.,  seeking  to  accredit  inde¬ 
pendent  labs  to  perform  software  and  hard¬ 
ware  evaluations  for  security  purposes.  That 
work  would  otherwise  be  done  inside  govern¬ 
ment  labs.  With  the  idea  that  the  member 
countries  would  agree  to  accept  the  results  of 
these  accredited  labs,  the  program  took  shape 
and  product  testing  began  about  three  years 
ago.  The  program  now  includes  15  countries, 
with  Japan  expected  to  join  later  this  year. 

A  milestone  for  the  US.  was  reached  in  July 
2002  when  a  mandate  from  the  National 
Security  Agency  (NSA)  dictated  that  purchas¬ 
es  for  any  “national  security  systems”  must  use 
Common  Criteria-evaluated  products  when 
available  over  any  other  comparable  prod¬ 
ucts.  The  mandate  most  affected  the  Defense 
Department. 

But  a  dearth  of  accredited  products  —  there 
are  now  93,  about  half  of  which  were  certified 
in  US.  labs  —  prompted  a  revision  of  the  man¬ 
date  in  June. The  Defense  Department  buyers 
can  purchase  non-compliant  products,  but 
must  get  the  vendor  to  commit  to  getting  the 
product  through  testing. 

“We  recognized  there 
weren’t  enough  products  in 
the  system,”  says  Jean 
Schaffer,  director  of  the 
National  Information  Assur¬ 
ance  Partnership  (NIAP), 
which  combines  staff  from 
the  NSA  and  the  National 
Institute  of  Standards  and 
Technology  (NIST)  to  over¬ 
see  US.  participation  in  the 
program.  Schaffer,  who  hails 
from  the  NSA,  replaced 
NIST’s  Ron  Ross  as  NIAP 
director  earlier  this  year. 

However,  even  as  the 
Defense  Department  soft¬ 
ened  the  purchasing  mandate  for  the  most 
securit>’-sensifive  national  security  systems,  it 
broadened  the  Common  Criteria  purchasing 
requirentent  to  include  all  the  department’s 
computer  s\'stems. 

"Preference  will  be  given  to  vendors  meet¬ 
ing  those  guidelines,"Schaffer  says, alluding  to 
twi>  internal  Defense  Department  directives 
issued  last  fall  and  spring.'This  is  for  the  entire 
DoD,  classified  or  unclassified." 

Wliile  it's  taking  time  for  the  Common 
Criteria  bandwagon  to  get  rolling,  more  ven- 


Ken  King 

Director  of  technical  strategy,  IBM 
Software  Group 

dors  are  jumping  on  and  more  products  are 
being  submitted  to  accredited  labs  around 
the  world,  creating  what  some  vendors  say  is 
lab  congestion.  Product  testing  has  been 
known  to  take  from  three  months  to  a  year. 

These  products  range  from  operating  sys¬ 
tems,  databases  and  firewalls  —  the  focus  of 
the  program  in  the  beginning  —  to  what  is  an 
expanding  series  of  tests  based  on  so-called 
protection  profiles  for  intrusion-detection  sys¬ 
tems  and  directory  services. 

Next  year,  the  focus  will  be  on  wireless  LAN 
access  points,  e-mail  security  and  VPNs, 
Schaffer  says.  By  year-end  there  will  be 
updates  for  older  protection  profiles  for  bio¬ 
metrics,  firewalls  and  other  product  types. 

Solaris,  AIX  and  Windows  2000  won  accredi¬ 
tation  last  year.  This  year  it’s  expected  that  the 
first  open  source  products  will  follow  suit. 

IBM  is  shepherding  Linux  SuSe  through  at 
Evaluation  Assurance  Level  2  (EAL2)  which 
indicates  design  information  and  testing  are 
“consistent  with  good  commercial  practice.” 
EAL7  is  the  highest  rating,  but  any  rating  above 
EAL4  is  said  to  be  extremely 
hard  to  achieve  and  re¬ 
quires  additional  govern¬ 
ment-lab  review. 

But  vendors  remain  unde¬ 
terred  in  proving  their  prod¬ 
ucts  are  robust  by  Common 
Criteria  standards. 

NetScreen,  for  example,  is 
the  first  firewall  vendor  to 
submit  its  product  for  so- 
called  EAL4+  testing,  which 
would  indicate  the  product 
has“medium  robustness” so 
it  can  be  used  for  “official- 
use  only,  unclassified  but 
sensitive,”  Schaffer  says. 

NetScreen  is  making  this  added  effort 
because  customers  are  asking  for  it,says  Chris 
Roeckl,  NetScreen  director  of  product  market¬ 
ing.  It’s  expected  to  cost  hundreds  of  thou¬ 
sands  of  dollars  —  not  unusual  for  Common 
Criteria  testing  —  and  take  until  year-end  to 
complete. 

Oracle,  with  Red  Hat  as  a  partner,  wants  to 
get  Unux  an  EAL4  rating  (described  in 
Common  Criteria  literature  as  ‘the  highest 
level  at  which  it  is  likely  to  be  economically 
feasible  to  retrofit  an  existing  application”)  by 


adding  code,  which  would  later  be 
put  into  the  public  domain.  This 
would  give  Linux  some  compart- 
mentalization  features,  among 
other  security  attributes. 

Mary  Ann  Davidson,  Oracle’s 
chief  security  officer, says  the  Navy 
is  specifically  requesting  this.  She 
added  that  Oracle,  whose  data¬ 
base  was  the  first  to  make  it 
through  testing  more  than  a  year 
ago,  intends  to  do  Common  Cri¬ 
teria  evaluation  of  Oracle  prod¬ 
ucts  on  top  of  Linux  as  well. 

“The  whole  reason  behind 
Common  Criteria  and  the  federal 
government  putting  its  program  in  place  is  to 
ensure  IT  products  have  the  strongest  securi- 
t}(’says  Ken  King,  director  of  technical  strate¬ 
gy  at  IBM  Software  Group.  IBM  also  has  main¬ 
frame  software,  Tivoli  Access  manager, 
WebSphere,  MQ  Series  and  other  products 
either  approved  or  in  evaluation,  he  says. 

The  NIAP  site  at  www.niap.nist.gov  lists  the 
status  of  products. 

Banks  back  CC  program 

While  there’s  interest  from  federal  agencies 
outside  the  Defense  Department  in  requiring 
compliant  products,  so  far  civilian  agencies 
haven’t  made  a  commitment.  But  outside  of 
the  government,  the  banking  industry  has 
become  the  first  to  lend  its  clout  for  Common 
Criteria  testing  of  products. 

“We  felt  like  we  have  the  same  goals,”  says 
l^ura  Lundin, senior  director  at  BITS,  the  tech¬ 
nical  arm  of  the  100-member  Financial 
Services  Roundtable,  a  group  that  represents 
the  banking  industry  on  policy  issues  and  per¬ 
forms  technical  product  evaluations  of  its 
own.“We’re  one  of  the  first  user  groups  to  back 
[Common  Criteria].” 

The  growing  backup  in  the  labs  has  inter¬ 
ested  parties  concerned. 

Symantec,  which  already  had  its  older 
Enterprise  Firewall  through  EAL4  testing,  has 
now  submitted  Symantec  Gateway  Security 
and  ManHunt  intrusion-detection  products 
for  lab  evaluation,  with  costs  expected  to 
reach  $300,000  to  $400,000.  Symantec 
researcher  Wes  Higaki  says  it  seems  to  be  tak¬ 
ing  longer  than  it  did  a  year  ago  to  get  through 
the  process,  which  might  be  because  more 
products  are  making  their  way  into  the  labs. 
“There  just  aren’t  enough  accredited  labs  out 
there,”  Higaki  says. 

King  agrees  there  seems  to  be  a  bottleneck 
with  the  labs. 

Schaffer  notes  that  the  NIAP  accredited  one 
new  lab  during  the  last  year  —  InfoGard 
Laboratories  in  San  Luis  Obispo,  Calif. —  mak¬ 
ing  seven  in  the  U.S. There  are  more  than  two 
dozen  labs  in  all  around  the  world. 

Common  Criteria  might  be  experiencing 
growing  pains,  but  Gartner  analyst  Greg  Young 
sees  them  as  minor. “It  seems  to  have  staying 
power,  compared  with  some  things  that  have 
come  and  gone  before”  in  terms  of  govern¬ 
ment  testing  of  security  products,  he  says.H 
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products, 
ranging  from 
operating  systems  to 
databases  and  firewalls, 
have  received  the 
Common  Criteria  seal 
of  approval. 
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What  day  is  it?  Sunday? 


There  are  plenty  of  ways  to  shorten  backup  windows.  And  StorageTek  is  just  the  company  to  find  the  one  that's  right 
for  you.  Maybe  it's  BladeStore  as  part  of  disk-to-disk  backup,  or  an  L-Series  automated  tape  library  with  our  superfast 
tape  drive  -  the  T9940B.  Whatever  the  solution,  we  think  you  deserve  a  day  of  rest.  Learn  more  about  this  story  and 
other  ways  we  can  help  you  at  www.savetheday.com  4  STORACETEIC  Save  the  Day.” 
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IPSec  VPN  alternatives  gain  ground 


SSL  vs.  IPSec 

Two  popular  Internet  remote-access  technologies,  IPSec 
and  SSL,  offer  increasingly  similar  features,  but 
differences  remain. 


■  BY  TIM  GREENE 

Vendors  say  Secure  Sockets 
Layer  gear  now  can  connect  re¬ 
mote  users  to  corporate  networks 
as  if  they  were  on  the  LAN,  just 
like  IP  Security  gear  does,  but 
without  having  to  install  perma¬ 
nent  VPN  clients  on  remote 
machines. 

With  Neoteris’  introduction  of 
Network  Connect  software  last 
week  and  the  earlier  availability 
of  VPN  Connector  from  uRoam 
(since  bought  by  F5  Networks; 
see  www.nwfusion.com.  Doc 
Finder:  7047)  and  Aventail  Con¬ 
nect  from  Aventail,  customers 
can  avoid  the  hassles  of  distrib¬ 
uting  and  managing  dedicated 
clients. 

Instead,  software  agents  are 
downloaded  to  remote  PCs  after 
they  are  authenticated  to  an  SSL 
appliance  located  between  the  In¬ 
ternet  and  the  corporate  network. 

The  clientless  aspect  of  SSL  re¬ 
mote  access  has  been  consid¬ 
ered  a  big  advantage  by  many 
customers  that  lack  the  resources 
to  maintain  large  IPSec  deploy¬ 
ments.  (For  more  on  the  SSL- 
IPSec  debate,  see  the  Face-Off  on 
page  48.) 

The  downside  had  been  that 
SSL  gear  supported  only  proxy 


Pro 

SSL 

•  Offers  finer  control  of  access 
and  more-detailed  records  of 
remote  users'  activity. 

•  Requires  no  pre-distributed 

client  software. _ 

•  Can  avoid  firewall  config¬ 

uration  and  network  address 
translation  problems. _ 


IPSec 

•  Supports  site-to-site  and 
remote-access  connections. 

•  Products  are  more  mature. 

•  Initial  costs  can  be  much  lower. 


access  to  Web-based  applications 
and  certain  client/server  applica¬ 
tions.  Server-initiated  applica¬ 
tions,  such  as  Net  Meeting,  and 
some  custom-written  applica¬ 
tions  were  inaccessible.  Because 
IPSec  creates  a  network-layer 
connection, any  application  avail¬ 
able  on  the  LAN  is  also  available 


Con 

SSL 

•  For  remote  access  only,  not 
site-to-site. 

•  Some  gear  lacks  network- 
layer  access. 

•  Some  gear  lacks  checks  on  the 
security  of  the  remote  machine. 


IPSec 

•  Requires  distribution,  config¬ 
uration  and  maintenance  of 
remote  software. 

•  Requires  cooperation  of  busi¬ 
ness  partners  to  set  up  extranets. 

•  Access  limits  are  not  as  tight 
as  they  can  be  with  SSL. 

via  an  IPSec  tunnel. 

Previously,  SSL  vendors  ack¬ 
nowledged  that  when  users  need¬ 
ed  network-layer  access,  IPSec 
was  the  way  to  go.  Now  that  argu¬ 
ment  is  decreasing. 

Maxim  Management  Services,  a 
medical  administration  service 
provider  in  Buffalo,  N.Y,  is  wean¬ 


ing  its  remote  users  off  IPSec- 
based  Cisco  remote-access  gear 
in  favor  of  Neoteris’  Network  Con¬ 
nect  because  it  dramatically  re¬ 
duces  time  spent  solving  client- 
software  problems,  says  Randy 
Coleman,  Maxim’s  CIO. 

The  company  has  used  Cisco 
VPN  gear  for  two-and-a-half  years 
to  give  doctors  and  affiliated 
medical  groups  access  to  Maxim 
applications.  The  company  tried 
to  switch  to  SSL  but  one  of  its  ap¬ 
plications,  called  Medent,  would 
not  connect  through  the  previous 
version  of  the  Neoteris  gear 
because  it  used  unpredictable 
and  uncommon  firewall  ports. 
With  Network  Connect,  that  limi¬ 
tation  is  gone.  “We  will  use  the 
Cisco  [VPN  gear]  as  a  backup,” 
Coleman  says. 

“There  is  no  reason  for  IPSec  to 
be  preferable”  over  SSL,  says 
David  Thompson,  an  analyst  with 
Meta  Group,  but  customers 
should  be  aware  of  what  periph¬ 
eral  security  is  on  the  remote 
machine.  Without  a  personal  fire¬ 
wall  and  without  anti-virus  pro¬ 
tection,  the  machine  could  be¬ 
come  an  access  point  for  hackers 
and  viruses,  he  says.  Aventail  and 
Neoteris  have  partnered  with  fire¬ 
wall  and  anti-virus  vendors  to 
provide  these  features. 


Support  issues  have  driven  busi¬ 
nesses  from  IPSec  to  SSL  for 
years,  with  many  organizations 
maintaining  both  for  different 
sets  of  users. 

While  some  SSL  vendors  offer 
network-layer  support  that  gives 
access  to  applications  as  if  the  re¬ 
mote  machine  were  on  the  LAN, 
they  all  also  offer  l^yer  7  access 
to  Web  applications  and  many 
client/server  applications  as  well. 
So  it  is  not  necessary  to  give 
everyone  network-layer  access. 
With  IPSec,  network-layer  access 
is  the  only  option. 

Loews,  a  conglomerate  in  New 
York,  uses  both  Cisco  IPSec  VPN 
gear  and  Whale  Communica¬ 
tions  SSL  remote-access  equip¬ 
ment  for  this  reason,  among  oth¬ 
ers.  The  IT  staff  needs  network- 
layer  access  to  perform  its  job, 
and  uses  the  IPSec  VPN.  But 
most  users  —  about  500  of  them 
—  need  access  to  just  a  few  re 
sources  such  as  emails,  faxes 
and  access  to  the  company’s 
intranet,  and  they  use  the  SSL 
gear,  says  A1  Alexander,  manager 
of  Loews’  information  center. 

Cisco’s  IPSec  is  more  difficult  to 
manage  and  maintain,  he  says.  A 
recent  upgrade  required  users  to 
download  custom  batch  files  and 
reboot  their  machines  three  times 
before  it  was  installed.This  leaves 
a  lot  of  room  for  error  and  calls 
for  help.  “It’s  a  support  issue.  It’s  a 
time  issue  for  downloading,  and 
it’s  an  administrative  issue  to  keep 
after  people  that  haven’t  done  it 
yet,”  Alexander  says. 

IPSec  gear  can  cost  less  initial¬ 
ly,  but  support  for  it  can  quickly 
eat  up  that  savings,  Coleman 
says.  Cisco  gear  for  his  network 
cost  about  $6,000,  and  the 
Neoteris  equipment  was  about 
$20,000,  he  says.  ■ 
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Nortel  debuts  advanced  net  services  wares 

SSL  VPNs  and  acceleration  for  Web  services  traffic  are  among  features  aimed  at  smaller  firms. 


■  BY  PHIL  HOCHMUTH 

Nortel  last  week  announced  hardware  and 
software  for  smaller  companies  interested  in 
deploying  advanced  network  services  such  as 
intelligent  firewalls,  Secure-Sockets-Layer- 
based  VPNs  and  traffic  acceleration. 

Nortel's  Alteon  Switched  Firewall  5114  could 
be  deployed  to  provide  packet  inspection  at 
the  edge  of  a  midsize  business.  Two  new  Al¬ 
teon  Application  Switch  products  for  midsize 
firms  also  are  being  released  for  adding  ser¬ 
vices  based  on  Layer  4  to  Layer  7  packet  in- 
-spection  and  switching. 

In  its  software  offering  last  week  Nortel 
also  focused  on  SSL  VPNs  and  application 
switching. 

Version  21 .0  of  the  Alt€?on  Operating  System 
—  which  mns  on  the  Application  Switch  prod¬ 
ucts  —  includes  hooks  that  let  a  switch  iden¬ 
tify  XML  and  Simple  Object  Application  Pro¬ 
tocol  (SOAP!  in  packets.This  could  be  used  to 
load  balance  servers  running  Web  services 
applications,  which  use  these  protocoLs.  The 
new  Alteon  Operating  System  also  includes 
updated  dt-nial-of-service  attack  pattern¬ 
matching  technology,  which  could  be  used  to 


stop  hackers  from  bringing  down  Web  sites. 

Also  new  is  Nortel’s  SSL  VPN  4.1  software, 
which  runs  on  platforms  such  as  Nortel’s  SSL 
310  and  410  VPN  boxes.  The  software  adds 
Web-based  management  features  and  an 
auto-logoff  feature  for  closing  inactive  SSL 
VPN  sessions. 

SSL  VPNs  are  in  use  at  Care  New  England,  a 
healthcare  management  firm  that  operates 
three  hospitals  in  Rhode  Island.  Nortel’s  SSL 
VPN  gear  eases  the  deploying  of  remote- 
access  applications,says  Howard  Rubin, direc¬ 
tor  of  IS  for  Care  New  England. 

“We  were  looking  for  a  clientless  [technol¬ 
ogy]  for  providing  remote  access,”  Rubin  says. 
SSL  lets  hospitals  and  affiliated  doctors  in 
remote  offices  access  e-mail  and  other  Web- 
enabled  applications  securely  with  a  standard 
SSL-capable  Web  browser. 

“We’re  interested  in  SSL  VPNs  because  there 
are  thousands  of  PCs  out  there  that  we  don’t 
have  control  over^  that  are  used  by  employees 
and  affiliates  to  access  Care  New  England’s 
applications,  Rubin  says.“We  like  this  solution 
because  we  don’t  have  to  do  anylhing  on  the 
client  side,”  in  terms  of  VPN  client  configura¬ 
tion,  he  adds. 


Nortel’s  Alteon  Switched  Firewall  5114  can 
be  deployed  to  provide  stateful  firewall  pack¬ 
et  inspection  for  a  midsize  business.  The  box 
can  apply  different  firewall  polices  to  various 
segments  of  a  business.  The  firewall  costs 
$16,000. 

The  Alteon  Application  Switch  2208  and 
2216  offer  eight  and  16  lOOM  bit/sec  Layer  4  to 
Layer  7  switch  ports,  respectively  Both  boxes 
come  with  two  Gigabit  Ethernet  uplink  ports. 
The  2208  model  costs  $16,000  and  the  2216  is 
priced  at  $20,500. 

The  Alteon  firewall  and  application  switch 
gear  competes  with  products  such  as  Cisco’s 
CSS  content  switch  and  PIX  firewall,  firewalls 
by  NetScreen  Technologies  and  Nokia,  and 
application  switches  from  F5  Networks, 
Foundry  Networks  and  Radware. 

The  Alteon  Operating  System  21.0  with  XML 
and  SOAP  switching  capabilities  is  a  license- 
enabled  software  feature  and  costs  about 
$8,000. 

The  SSL  VPN  software  ranges  from  $10,000 
for  a  100-user  system  to  $40,000  for  a  1,000- 
user  system.  The  SSL  VPN  310  and  410  hard¬ 
ware  ranges  from  $20,000  to  $25,000,  depend¬ 
ing  on  configuration.  ■ 


Don ’t  let  Internet  dbtractiono 
undermine  offiee  productivity. 


Whether  it’s  shopping,  gambling,  travel  or  trading, 
cyberslacking  is  a  real  corporate  conundrum.  Put 
productivity  back  on  track  with  Websense  Enterprise 
software.  Implement  time  quotas  for  personal  surfing. 
Limit  use  of  bandwidth-intensive  applications  like 
peer-to-peer  and  streaming  media.  And  block  access  to 
inappropriate  sites.  With  Websense  Reporter,  Explorer 
and  Real-Time  Analyzer  you  have  up-to-the-minute 
access  to  Internet  usage  information  and  network 
performance.  And  Websense  Enterprise  offers  the 
benefit  of  easy  installation  and  seamless  integration 
with  the  leading  firewalls,  proxy  servers,  routers, 
network  switches  and  caching  appliances.  No  wonder 
the  Fortune  500  wasted  no  time  making  Websense  the 
preferred  solution  for  keeping  employee  online  activity 
on  task.  Visit  www.websense.com  today  for  more 


information  or  to  download  a  free  30-day  trial. 


EMPLOYEE  INTERNET  MANAGEMENT 


NASDAQ:  WBSN 


New  scandal  only  adds  to  MGI’s  woes 


I  IWe  have  a  zero-tolerance  policy, 
and  if  any  wrongdoing  is 
discovered,  you  can  be  certain 
that  we  will  take  appropriate 
action  swiftly.  9  9 


■  BY  DENISE  PAPPALARDO 

MCI  is  entangled  in  yet  another  scandal 
that  might  seriously  affect  the  carriers  abil¬ 
ity  to  win  new  business  even  after  it 
emerges  from  bankruptcy 

The  Department  of  Justice,  FCC,  House 
Energy  and  Commerce  Committee,  and  a 
mass  of  lawyers  are  investigating  claims 
that  MCI  intentionally  and  fraudulently  re¬ 
routed  voice  calls  through  Canada  to  avoid 
paying  sometimes-hefty  access  fees  to 
other  service  providers. 

AT&T,  MCl’s  prime  rival,  brought  the 
allegations  to  light  early  last  week  when 
it  filed  its  second  objection  to  MCl’s  plan 
of  reorganization  with  the  federal  bank¬ 
ruptcy  court. 

AT&Ts  motion  details  how  MCI  deliber¬ 
ately  set  up  the  Canadian  Gateway  Project 


■  BY  DENISE  DUBIE 

Opsware  this  week  is  scheduled  to  intro¬ 
duce  software  the  company  says  can  help 
network  managers  pull  more  usage,  appli¬ 
cation  and  server  performance  data  out  of 
its  flagship  server-provisioning  and  change- 
management  software. 

The  Data  Center  Intelligence  (DCl)  mod¬ 
ule  is  a  software  add-on  that  plugs  in  to 
Opsware  System  4,  the  latest  revision  of 
Opsware’s  IT  automation  platform.  It  is  not 
a  stand-alone  product,  meaning  customers 
need  Opsware  System  4  to  use  the  DCl 
module,  but  it  is  not  included  in  the 
upgrade  to  Opsware  System  4. 

The  flagship  software  collects  data  on 
servers  and  the  applications  and  systems 
running  on  them.  The  module  taps  in  to 
Opsware’s  data  repository  and  can  deliver 
about  50  reports,  pre-written  and  customiz¬ 
able,  that  tell  network  managers  about 
operations  activity,  labor  utilization,  server 
and  application  usage,  and  the  state  of  the 
data  center,  company  executives  say 

One  customer  says  he  appreciates  the 
benefits. 

“Our  enterprise  customers  are  really  fo¬ 
cused  on  [total  cost  of  ownership]  and 
R01,’’says  Lenny  Monsour, general  manager 
of  application  hosting  and  management  at 
serv'ice  provider  Inflow  in  Denver."The  DCl 
module  could  let  us  help  our  customers 
be  more  aware  of  the  costs  of  running  their 
data  centers  and  their  businesses.” 

Monsour  recently  started  rolling  out 
Opswan?  System  4  across  Inflow’s  13  data 
centers  and  to  customer  networks.  He  says 
getting  the  software  up  and  running  took 
about  two  mouths.  Inflow  eventually  will 
deploy  tlie  Dt'l  module  to  offer  a  higher 


to  avoid  paying  millions  of 
dollars  in  access  fees  and  to 
unfairly  win  new  business  by 
offering  lower  service  rates. 

AT&T  is  asking  the  bankruptcy 
judge  to  remove  current  re¬ 
strictions  that  prevent  it  from 
pursuing  a  racketeering  and 
fraud  suit  against  MCI  after  it 
emerges  from  bankruptcy 

AT&Ts  claim  and  possible 
lawsuit  aren’t  as  threatening  to 
MCI  as  the  tangential  ramifica¬ 
tions  that  come  with  these 
assertions. 

After  nearly  two  months  of  pressure  the 
General  Services  Administration  last  week 
suspended  MCI  from  winning  any  new 
government  contracts,  saying  it  has  been 
watching  the  company  closely  since  it  filed 


level  of  service  to  about  750  customers.  Be¬ 
cause  his  company  tracks  business  pro¬ 
cesses,  Monsour  says  Opsware’s  change- 
management  rules  and  policies  appealed 
to  him  more  than  competing  products 
from  IBM  and  Sun,  which  acquired 
Opsware  competitors  Think  Dynamics  and 
Terraspring,  respectively 

Opsware  System  4  includes  an  Opsware 
core  that  runs  on  Solaris  and  Linux  boxes 
and  provides  the  overall  management 
piece,  while  agents  are  deployed  on  the 
servers  being  managed.The  Opsware  core 
includes  an  Oracle  database,  in  which  all 
the  actions  and  changes  made  to  servers, 
applications  and  systems  are  stored.  The 
software  uses  a  blueprint  of  sorts  to  ensure 
the  actions  and  changes  made  to  data  cen¬ 
ter  servers  and  applications  don’t  stray  from 
the  predefined  rules  network  managers  set. 

“As  an  application  hosting  company,  we 
know  that  performance  and  availability 
depends  on  inaccurate  changes  not  being 
made,”  Monsour  says. 

The  DCl  module  connects  to  the  core  via 
Web  services  APIs  to  perform  data  analysis 
and  let  network  managers  browse  data 
that  the  Opsware  software  collects. DCl  can 
connect  to  other  data  warehouses  for  data 
mining  outside  Opsware’s  core.  Reports 
show  the  history  of  changes,  employee- 
productivity  statistics  and  the  success  rate 
of  actions  taken  and  tasks  performed. 

The  DCl  module  is  expected  to  ship  in 
September  when  Opsware  System  4  soft¬ 
ware  is  expected  to  be  available.  Pricing  for 
DCl  has  yet  to  be  determined, but  the  com¬ 
pany  says  the  costs  will  be  a  one-time 
expense  for  customers.  Opsware  System  4 
pricing  depends  on  the  number  of  agents 
deployed  on  managed  servers.  ■ 


Michael  Capellas 

CEO,  MCI 

for  bankruptcy  last  year  and  specifically 
reviewed  charges  of  fraud  against  MCI. 

The  carrier  says  it  has  hired  a  team  of 
lawyers  to  “vigorously”  investigate  the 
claims  internally 

“We  have  a  zero-tolerance  policy,  and  if 
any  wrongdoing  is  discovered,  you  can  be 
certain  that  we  will  take  appropriate  action 
swiftl}^’ says  MCI  CEO  Michael  Capellas. 

“One  thing  [MCI]  can’t  afford  is  the  loss 
of  confidence  in  the  minds  of  corporate 
customers,”  says  Doug  Jarrett,  a  partner  at 
Washington,  D.C.,  law  firm  Keller  and 
Heckman,  which  specializes  in  regulatory 
and  customer  contract  issues.’And  this  will 
impact  [MCl’s]  ability  to  sell  in  the  corpo¬ 
rate  market.” 

Whether  AT&T’s  claims  are  completely 
accurate,  completely  false  or  somewhere 
in  between,  MCI  is  involved  in  yet  another 
scandal  that  can  only  hurt  the  carrier.  AT&T 
might  have  had  this  in  mind  when  it  con¬ 
sidered  making  its  allegations  public,some 
experts  in  the  telecom  field  suggest. 

“For  AT&T  there  is  a  mix  of  motivations, 
some  of  which  is  genuine  frustration  that 
MCI  hasn’t  been  punished  enough,”  says 
Johnna  Till  Johnson,  president  and  chief 
research  officer  at  independent  technol¬ 
ogy  research  firm  Nemertes  Research  and 
a  Network  World  columnist. 

As  recently  as  two  weeks  ago,  competitors 
including  Verizon  sat  before  government 
officials  and  stated  MCl’s  Securities  and  Ex¬ 
change  Commission  (SEC)  settlement  was 
not  enough  punishment  for  the  carrier’s 
wrongdoings.  MCI  is  expected  to  pay  $700 
million  to  the  SEC,  the  largest  settlement  in 
history  for  its  $11  billion  in  accounting 
fraud  that  was  revealed  last  year. 

MCI  competitors  might  view  the  new 
fraud  allegations  and  ensuing  chaos  as“de 
facto  justice,”  considering  just  two  weeks 


ago  it  appeared  that  MCI 
would  emerge  from  bank¬ 
ruptcy  this  fall  as  the  com¬ 
pany  has  predicted  for 
months,  Johnson  says. 

While  some  analysts  still 
see  that  happening,  there  are 
questions  as  to  how  well  MCI 
will  weather  this  latest  storm. 

“If  AT&T  succeeds  they  are 
going  to  hit  MCI  where  it 
really  matters,  in  the  pocket- 
book,"  Johnson  says.  Experts 
estimate  that  AT&T  might 
have  lost  anywhere  from  $10 
million  to  $100  million  in  access  fees  as  a 
result  of  MCl’s  alleged  scam.  But  MCI  could 
lose  much  more.  If  MCI  is  denied  govern¬ 
ment  contracts,  it  could  lose  $5  million  to 
$8  million  per  month,  Jarrett  says  —  not  to 
mention  the  number  of  commercial  cus¬ 
tomer  contracts  the  carrier  might  not  be 
able  to  win  now  that  it’s  in  the  midst  of  yet 
another  scandal. 

MCI’s  revenue  has  been  down  in  the  past 
two  monthly  operating  reports  it  is  re¬ 
quired  to  file  with  the  bankruptcy  court. 
The  carrier  is  bringing  in  just  more  than  $2 
billion  per  month.  MCI  also  amended  its 
original  reorganization  plan  last  month, 
reducing  its  revenue  projections  over  the 
next  three  years  by  $4.2  billion.  MCI  attrib¬ 
uted  the  change  to  a  difficult  economic 
market.  However,  it’s  tough  to  drum  up  new 
business  when  in  the  midst  of  a  bankrupt¬ 
cy  because  no  one  can  predict  when  or 
even  if  the  company  will  emerge. 

At  a  minimum  this  scandal  could  pro¬ 
long  the  perception  that  there  is  still  too 
much  uncertainty  surrounding  MCI  to  sign 
a  new  long-term  deal  with  the  carrier.  And 
at  worst,  the  regulators  might  find  that  MCI 
isn’t  fit  to  carry  telecom  traffic,  Jarrett  says. 

In  addition  to  users  questioning  the 
long-term  financial  health  of  MCI,  some 
might  now  feel  less  confident  in  MCI’s 
new  management  team  because  it’s  possi¬ 
ble  it  let  fraudulent  undertaking  continue 
on  its  watch.  AT&T  says  MCI  started  ille 
gaily  routing  calls  through  Canada  two 
years  ago  and  was  doing  so  right  up  until 
the  carrier  filed  its  motion  with  the  court 
on  July  28. 

“It’s  believable  that  the  scheme  was  set 
up  prior  to  Capellas  joining,  and  it  was 
never  discovered,”  Johnson  says.“The  level 
of  disorganization  within  [MCI]  makes 
that  a  real  possibility”  ■ 
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continued  from  page  1 

“Linux  is  moving  into  database  and  appli¬ 
cation  .server  environments  beyond  just  the 
very  early  razor-edge  adopter  of  last  year 
and  the  year  before,"  says  Pierre  Fricke, 


Digital  Document  Security 
and  IT:  Everything  you 
need  to  know. 

Q,  What  are  the  most  significant  digital  copier 
•  security  issues? 

Various  copier  print  controllers  are  actually  servers 
•  that  queue  and  permanently  store  multiple 
document  files,  providing  administrator  access  to  the 
documents.  At  a  minimum,  most  digital  copiers  retain  the 
last  document  processed;  some  even  retain  multiple 
documents  totaling  hundreds  of  pages.  Others  redirect 
print  jobs  when  the  printer  is  busy  or  jammed,  making 
"denial  of  service"  attacks  possible. 

*  How  does  Sharp  protect  the  network  interface? 

The  Sharp  Ethernet  card  allows  administrators  to 
•  restrict  access  and  disable  unnecessary  protocols. 
With  this  network  card,  the  Sharp  digital  copier  is 
essentially  protected  by  its  own  firewall. 

How  can  you  be  sure  that  security  products 
•  actually  perform  as  claimed? 

The  Common  Criteria  program — administered  by 
•  the  U.S.  National  Security  Agency  and  the  National 
Institute  of  Standards  and  Technology — evaluates 
security  solutions.  Products  that  are  validated  under  the 
program  meet  security  levels  consistent  with  ISO  15408 
methodology. 

•  How  can  Sharp  improve  IT  security? 

Sharp  offers  print  privacy  solutions  designed  to 
•  restrict  unauthorized  personnel  from  seeing 
confidential  materials.  Copier  access  can  be  controlled 
and  monitored,  while  documents  retained  in 
printer/copier/scanner/fax  memory  are  immediately 
cleared  to  eliminate  unauthorized  access. 

sharpusa.com 


be  sharp” 

Sharr-  ^lectront:  Corpcnaton. _ 


executive  vice  president  at  consulting  firm 
D.H.  Brown  Associates.  “You’ve  got  more 
mainstream  business  users  putting  this 
stuff  into  play  at  that  level.” 

Pushing  that  trend  are  products  and  ser¬ 
vices  from  major  vendors  that  view  Linux 
as  an  increasingly  important  and  viable 


data  center  platform.The  show  will  feature 
more  than  150  vendors  unveiling  and 
demonstrating  products,  about  the  same 
number  that  had  booths  at  the  LinuxWorid 
in  New  York  in  January 

In  addition,  the  show  will  feature  its  first 
Hands-On  Lab,  which  will  offer  show- 
goers  computer  training  on  a  variety  of 
Linux  applications,  from  managing  a 
mixed  Windows  and  Linux  environment 
to  network  security  issues  for  Linux  and 
Java.  The  show  will  feature  a  financial 
summit  to  highlight  the  growing  use  of 
Linux  in  the  financial  community,  and  a 
CIO  Agenda,  which  is  aimed  at  helping 
CIOs  make  sense  of  the  Linux  platform 
and  where  it’s  headed. 

Attendance  at  the  show  is  expected  to  be 
on  par  with  last  year,  when  about  20,000 
people  showed  up,  according  to  show 
organizer  IDG  World  Expo,  a  sister  company 
of  Network  World.  While  the  show  will 
include  the  expected  number  of  “geeks 
[and]  techies,  we’re  seeing  larger  numbers 
of  attendees  from  manufacturing,  finance/ 
banking,  government  and  education,”  an 
IDG  World  Expo  spokeswoman  says. 

One  of  the  reasons  for  the  interest  in  the 
show  is  the  cost-savings  customers  have 
realized  by  running  Linux  on  standard  plat¬ 
forms  vs.  more-expensive  proprietary 
machines,  analysts  say 

Petroleum  firm  Amerada  Hess,  for  exam¬ 
ple,  traded  in  IBM  Unix  systems  for  Linux 
on  Intel-based  boxes.  Jeff  Davis,  technical 
lead  at  the  firm  in  Houston,  says  the  com¬ 
pany  is  saving  “several  million  dollars”  by 
running  its  supercomputing  applications 
for  seismic  analysis  and  reservoir  simula¬ 
tion  on  Red  Hat  Linux. 

At  this  week’s  show,  Davis  expects  to  hear 
about  more  widespread  vendor  support 
for  Linux  and  more  advanced  enterprise 
solutions.  He  says  he’s  also  interested  in 
hearing  about  Linux  Kernel  2.6,  which 
expands  the  symmetric  multiprocessing 
capabilities  of  Linux  to  support  up  to  16 


Linux:  Making  inroads 

Major  systems  vendors  such  as 
HP  and  IBM  will  be  announcing 
more  powerful  products  helping 
to  push  Linux  deeper  into 
corporate  data  centers.  A  Giga 
Information  Group  straw  poll 
shows  that  a  growing  number  of 
businesses  see  Linux  as  a  stable 
platform  for  database 
deployments: 


4^*^  —  have  an  open  source  database, 
such  as  MySQL  or  PostgreSQL. 

22%  —  have  Oracle  or  DB2  on 
Linux  in  test  or  production  environments. 

30%  —  are  considering  a  Linux 

platform  for  a  database. 


44% 


source. 


have  no  interest  in  open 


processors.  Linux  2.6  is  now  in  beta 
and  is  expected  to  be  generally  available 
next  year. 

“The  big  news  to  me  is  what’s  going  on 
technicallyT  says  Joe  Clabby  of  Clabby 
Analytics  a  research  company  in  Yar¬ 
mouth,  Maine.  “Linux  had  shortcomings, 
particularly  in  the  area  of  scalability  Most 
Linux  implementations  scaled  well  to  six 
and  sometimes  eight  processors  so  that 
limited  where  they  could  be  deployed. 
Now  [with  Linux  2.6]  you’re  looking  at  16- 
way  and  32-way  [capability]  .So  Intel-based 


The  eServer  325,  IBM’s  first  32-/64-bit  AMD 
Opteron-based  box,  is  a  key  part  of  Big  Biue's 
new  DB2  Integrated  Cluster  environment 
which  runs  Linux  and  can  scaie  to  as  many 
as  1,000  nodes. 

Linux  servers  can  indeed  finally  come  into 
the  enterprise  and  scale  up  and  compete 
head-on  with  midrange  servers  from  Sun 
and  IBM.” 

Weather.com  used  to  be  a  Sun  Solaris 
shop  but  now  runs  100%  of  its  systems  on 
Linux  on  Intel.  Dan  Agronow, vice  president 
of  technology  at  the  firm  in  Atlanta,says  he 
moved  his  Oracle  database  to  Linux  in 
2001  and  saved  thousands  of  dollars  in 
the  process. 

He  hopes  to  see  better  performance  from 
Linux,  but  says  the  multiprocessor  support 
is  secondary.  “We’ve  had  a  lot  of  success 
with  the  horizontal  scalability  of  two 
CPU  boxes.” 

Agronow  says  he’s  looking  forward  to 
testing  the  new  Opteron-based  eServer  325 
from  IBM.  “We’re  not  looking  for  a  larger 
number  of  CPUs  per  server.  Performance  is 
the  biggest  benefit  we’d  like  to  see  in  the 
future  from  Linux,”  he  says. 

Ice.com,  an  online  jewelry  retail  site  in 
Montreal  has  used  strictly  Linux  and 
open  source  for  years.  “We  chose  Linux 
for  one  reason,  and  that  was  cost,”  says 
CIO  Steve  Bramson. 

Bramson  says  he  would  like  to  see  more 
tools  for  configuring  and  managing  Linux 
and  open  source  environments. “There’s  a 
big  difference  between  installing  a 
Windows  2000  package  and  a  Linux  pack¬ 
age  on  a  server;”  Bramson  says.  Products 
that  make  Linux  set  up  more  point-and- 
click  features  would  be  a  plus,  he  adds. 

IBM  is  focusing  on  that  idea  with  its 
eServer  Integrated  Platform  for  e-business, 
which  includes  hardware,  application  serv¬ 
er,  database  software  and  tools  that  small 
and  midsize  businesses  need  to  get  up  and 
running  on  Linux.  It  also  is  extending  Linux 
support  for  Tivoli  .  HP  will  announce  that  its 
ProLiant  Essentials  Rapid  Deployment 
pack  for  Linux  will  now  run  on  a  Linux 
server,  enabling  it  to  be  used  in  a  Linux- 
only  environment. 

See  LinuxWorid,  page  16 


How  secure 


Protect  your  information  with  the  Data  Security 
Kit  from  Sharp.  Financial  facts,  personnel  records, 
customer  lists:  networked  copiers/printers  process 
sensitive  information  every  day.  Unfortunately,  their 
hard  drives  can  also  be  accessed  via  the  network, 
contributing  to  $60  billion  worth  of  information 
theft  every  year.*  To  protect  this  weak  link  in  your 


is  your  digital  information? 


corporate  security,  we've  created  our  Data  Security 
Kit.  It's  the  first  copier  and  printer  protection  to 
be  validated  by  Common  Criteria,  a  government- 
sponsored  program,  and  it's  available  only  with 
our  Digital  IMAGER™  series  of  copiers/printers. 
Sharp's  Data  Security  Kit.  Enhanced  information 
protection  at  your  fingertips,  sharpusa.com/security 
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Microsoft 

continued  from  page  1 

complex  annuity  licensing  pro¬ 
gram  and  the  impending  expira¬ 
tion  of  nearly  one-third  of  its  cus¬ 
tomer  licensing  contracts  — 
means  the  company  could  suffer 
customer  defections  and  lost 
revenue. 

One  of  the  vendor’s  next  high- 
profile  battles,  according  to 
sources,  is  DaimlerChrysler.  The 
automaker  is  said  to  be  squirm¬ 
ing  under  Microsoft’s  annuity 
licensing  plan  and  contemplat¬ 
ing  replacing  some  of  its  Win¬ 
dows  server  infrastructure  with 
Linux.  DaimlerChrysler  officials 
would  neither  confirm  nor  deny 


LinuxWorld 

continued  from  page  14 

Several  other  vendors  are 
expected  to  make  manage¬ 
ment-related  announcements 
at  the  show.  Among  them  is 
Candle,  which  will  introduce 
software  for  managing  and 
fine-tuning  the  performance  of 
IBM  WebSphere  on  Linux. 
Linuxcare  will  unveil  software 
for  managing  thousands  of 
Linux  virtual  servers  deployed 
on  IBM’s  mainframe  hardware 
platform. 

IBM  is  extending  Linux  sup¬ 
port  for  Lotus,  including  the 
first  Web-based  Linux  client  for 
its  forthcoming  Domino  6.5 
messaging  and  collaboration 
server,  which  also  will  run  on 
IBM  eServer  zSeries  main¬ 
frames.  The  Domino  Web  Ac¬ 
cess  client,  formerly  called 
iNotes,  now  supports  the  Mo- 
zilla  1.3  browser,  which  runs  on 
a  Linux  desktop.  Show-goers 
can  expect  to  hear  more  about 
Linux’s  move  to  desktop  envi¬ 
ronments  as  businesses  find 
the  same  kinds  of  savings  for 
client  environments  as  they 
have  for  servers. 

Senior  editor  John  Fontana  con¬ 
tributed  to  this  report. 
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the  possibility  of  such  a  move. 

Two  years  ago,  DaimlerChrysler 
made  a  highly  publicized  com¬ 
mitment  to  Linux  by  replacing  a 
Unix  cluster  with  an  IBM-built 
cluster  of  108  Linux  worksta- 
tions.The  goal  was  to  reduce  the 
cost  of  running  crash-test  simula¬ 
tions,  the  company  said. 

“We  continue  to  work  with 
DaimlerChrysler,”  says  Scott 
Handy,  director  of  Linux  software 
solutions  for  IBM,  although  he 
would  not  provide  specifics. 

Microsoft  is  said  to  be  in  talks 
with  DaimlerChrysler  to  stem 
any  defection  to  Linux  by  negoti¬ 
ating  licensing  terms  under 
Microsoft’s  Licensing  6.0  and 
Software  Assurance  program,  the 
annuity  licensing  program  that 
has  caused  a  backlash  since  its 
introduction  in  May  2001. 

Microsoft  said  it  does  not  com¬ 
ment  on  specific  customer  deals. 

“Licensing  6.0  is  the  best  thing 
to  ever  happen  to  Linux,” 
Handy  says. 

It’s  a  beast  Microsoft  created 
and  is  trying  to  tame. 

Ballmer  sounds  alarm 

Microsoft  CEO  Steve  Ballmer 
said  in  a  memo  to  employees  in 
June  that  the  company  would 
need  to  fix  mistakes  it  made  in 
implementing  the  annuity  licens¬ 
ing  program.  He  added  that 
Linux  requires  Microsoft’s  “con¬ 
centrated  focus  and  attention.” 

As  a  result,  Microsoft  has  be¬ 
come  more  flexible  in  contract 
negotiations,  willing  to  offer  dis¬ 
counts  that  sometimes  reach 
45%  and  other  unusual  conces¬ 
sions,  especially  when  battling 
against  Linux,  according  to  ana- 
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lysts  and  customers. 

The  most  striking  example  of 
change  is  a  high-profile  flop  by 
Microsoft  that  might  have  set  a 
tone  in  Germany,  where  Daimler¬ 
Chrysler  has  its  headquarters  in 
Stuttgart. 

In  June,  the  Munich  city  gov¬ 
ernment  said  it  will  migrate 
14,000  Windows  desktops  to 
Linux  beginning  in  early  2004. 
The  city  decided  Linux  would  be 
less  expensive  over  time,  even 
though  Microsoft’s  bid  was 
nearly  $12  million  less  than 
those  from  IBM  and  SuSE  Linux, 
which  is  based  in  Germany. 

Microsoft’s  bid,  which  Ballmer 
delivered  personally,  started  at 
$36.6  million  and  was  slashed  to 
$23.7  million  at  the  llth-hour, 
including  an  unusual  offer  to 
unbundle  Word  from  Microsoft 
Office. 

The  loss  in  Munich  overshad¬ 
owed  Microsoft  victories  in  other 
European  cities,  including  in 
Frankfurt,  according  to  Ballmer’s 
remarks  at  the  company’s  July  24 
financial  analysts  meeting.  But 
Microsoft  won’t  provide  specifics 
on  that  deal. 

The  tit-for-tat  lends  credence  to 
Linux’s  climb  up  Microsoft’s  chal¬ 
lenge  meter,  as  does  an  open 
source  test  lab  that  Microsoft 
opened  in  May  and  an  attack  on 
Linux  that  Ballmer  delivered  at 
the  analysts  meeting.  Ballmer 
said  there  were  misconceptions 
about  Linux’s  overall  value, citing 
research  from  Gartner  and  I  DC 
that  said  Windows  was  up  to  30% 
less  expensive  on  the  desktop 
and  up  to  22%  less  expensive  on 
the  server  than  Linux. 

“What’s  going  on  with  Linux 
and  some  of  the  big  Linux  distri¬ 
butions,  and  open  source,  is  that 
the  rate  of  deployment,  the  rate 
of  creation,  [and]  of  releases  of 
Linux  that  address  security  prob¬ 
lems  also  has,  perhaps,  even  big¬ 
ger  problems  than  we  have,” 
Ballmer  said. 

Growth  seen  in  surveys 

Despite  those  claims,  the  most 
recent  research  by  IDC  shows 
that  Linux  had  a  26%  share  of  the 
server  operating  system  market 
in  2001,  up  from  22%  in  1999.The 
uptake  is  in  line  with  IDC  projec¬ 
tions  that  Linux  will  have  30%  of 
the  server  market  by  2007  (com¬ 
pared  with  just  more  than  50% 
for  Microsoft)  and  will  be  com¬ 
monplace  on  corporate  evalua¬ 
tion  lists  by  2005. 

Overall,  however,  Microsoft  says 
it  has  a  53.1%  to  16.7%  advantage 
over  Linux  on  the  server.  On  the 
desktop,  Microsoft  continues  to 
dominate,  although  the  deal  in 


Munich  could  ignite  corporate 
interest. 

“I’m  not  happy  that  we  grew 
share  and  Linux  grew  their  share 
a  little  bit  more  at  the  server  level 
last  year[’  Ballmer  said. 

The  rush  to  stem  the  rising  tide 
of  Linux  intersects  with  Micro¬ 
soft’s  effort  to  correct  problems 
with  its  Licensing  6.0  program, 
which  has  attracted  only  30%  of 
current  customers,  according  to 
a  March  survey  by  The  Yankee 
Group. 

Of  the  70%  not  in  the  program, 
42%  said  they  are  not  participat¬ 
ing  because  they  signed  Li¬ 


censing  5.0  contracts  as  a  way  to 
delay  a  decision  on  the  6.0  pro¬ 
gram.  But  most  of  those  5.0  con¬ 
tracts  will  expire  between  Sept¬ 
ember  2003  and  July  2004. 

“The  point  is,  will  Microsoft  be 
able  to  talk  those  people  into 
signing  up  for  6.0  and  Software 
Assurance?”  says  Alvin  Park,  an 
analyst  with  Gartner.  “If  they 
don’t  sign  them,  it  will  be  a  sig¬ 
nificant  revenue  problem  for 
Microsoft.” 

The  company  says  it  also  must 
get  new  contracts  for  both 
Licensing  6.0  Enterprise  Agree¬ 
ments  and  Software  Assurance 
from  midsize  to  large  accounts 
and  get  customers  to  cover 
more  products  under  those 
contracts. 

That  uncertainty  has  led  Micro¬ 
soft  to  acknowledge  that  it  can’t 
predict  unearned  revenue  growth 
for  fiscal  year  2004. The  revenue  is 
derived  mostly  from  licensing 
commitments  that  are  paid  in 
installments  over  three  years. 
Over  the  past  two  years  the  com¬ 
pany  has  had  growth  of  38%  and 
16%  in  unearned  revenue,  mostly 
fueled  by  two-year  Licensing  5.0 
contracts. 

But  while  Microsoft  scrambles, 
Linux  hasn’t  taken  advantage 
with  a  slam  dunk. 

The  recent  lawsuit  brought  by 
The  SCO  Group  against  IBM  over 
intellectual  property  rights  sur¬ 
rounding  Unix  and  Linux  is 
catching  attention.  Microsoft  re 
cently  licensed  the  SCO  Unix 
code,  which  many  saw  as  a  move 


to  fan  the  flames. 

Linux  still  must  prove  itself  in 
key  areas,  including  integration, 
interoperability,  scalability  and 
reliability  And  the  portfolio  of 
corporate  applications  for  the 
platform  must  grow. 

“Linux  says  it  is  free  and  it  is 
open,  but  it  has  not  stepped  up 
to  the  plate  and  said  how  much 
it  costs,” says  Laura  DiDio,an  ana¬ 
lyst  with  The  Yankee  Group. 

She  says  her  research  shows 
that  one-tenth  of  one  percent  in 
difference  on  reliability  from 
one  operating  system  platform  to 
another  can  result  in  an  addi¬ 


tional  63  hours  of  downtime  and 
generate  $700,000  to  $3.5  million 
in  additional  support  and  admin¬ 
istration  costs  depending  on  the 
size  of  an  organization. 

And  another  thing  is  that  many 
Windows  users  are  dug  into  the 
platform  in  certain  areas  of  their 
organization. 

Paul  Mercurio,  senior  vice  pres¬ 
ident  and  CIO  of  Mobile  Travel 
Guide,  which  runs  a  travel  Web 
site,  recently  outsourced  the  site 
to  IBM.  IBM  hosts  the  site  on  a 
mainframe  running  Linux.“Open 
source  and  innovation  can  hap¬ 
pen  without  the  control  of  one 
company  that  may  have  an 
agenda,”  he  says. 

However,  internally,  the  com¬ 
pany  has  a  Windows  infrastruc¬ 
ture  because  programs  such  as 
Word  and  PowerPoint  have  be¬ 
come  essential  for  sharing  files 
with  outside  partners. 

“The  Microsoft  stuff  works,  and 
there  is  not  a  lot  of  reason  to 
change,”  he  says.  “Whether  we 
like  it  or  not,  some  of  these  appli¬ 
cations  are  de  facto  standards.” 

Microsoft  CFO  John  Connors 
boiled  it  all  down  last  week  in  a 
conference  call  for  financial 
analysts. 

“If  Linux  gains  more  share, 
that’s  an  impact  to  us,"  he  said.“lf 
Linux  gains  share  on  the  desk¬ 
top,  that’s  an  impact  to  us.  If  we 
execute  well,  we  mitigate  the 
risk.”! 
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lll'm  not  happy  that  we  grew 
share  and  Linux  grew  their  share 
a  little  bit  more  at  the  server  ievel 
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Steve  Ballmer 

CEO,  Microsoft 
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SAN  switching:  Bi^er  is  better 


■  SMC  Networks  last  week 
announced  a  12-port  10/100/1000M 
bit/sec  switch  that  includes  features 
such  as  security,  management  and 
quality-of-service  support.  The  Tiger- 
Switch  SMC8612T  could  be  deployed 
as  a  backbone  switch  for  small  net¬ 
works  or  as  a  workgroup  switch  for 
power  users  who  work  with  large  files. 
The  box  includes  12  triple-speed  ports 
and  24G  bit/sec  of  bandwidth,  letting 
all  ports  run  at  full  duplex  simultane¬ 
ously.  Four  Mini  Gigabit  Interface 
Converter  slots  are  built  in  for  adding 
fiber  or  copper  uplink  ports.  The  box 
supports  network-level  authentication 
via  a  RADIUS  server,  and  Secure 
Sockets  Layer  encryption  to  secure 
sensitive  traffic.  The  switch  also  can 
be  managed  via  a  built-in  Web  applica¬ 
tion  and  supports  Remote  Monitoring 
and  port  mirroring  for  managing  and 
troubleshooting  network  connections. 
TheTigerSwitch  SMC8612T  is  avail¬ 
able  for  $1,2CX).  Mini  GBICs  are  avail¬ 
able  for  $520  to  $3,455. 

■  Although  Sun  discontinued  sales 
of  its  customized  Linux  distribution 
several  months  ago,  the  company 
hasn't  abandoned  its  do-it-yourself 
Linux  strategy:  In  its  forthcoming 
bundle  of  desktop  software,  code- 
named  Mad  Hatter,  the  included 
Linux  operating  system  will  be  Sun’s 
own.  Sun  decided  in  April  to  stop 
marketing  its  Sun  Linux  5.0.  Weeks 
later.  Sun  partnered  with  Red  Hat, 
whose  operating  system  software  it 
now  sells  on  its  x86  server.  Part¬ 
nering  with  Linux  vendors  will  remain 
Sun's  server-side  strategy  but  on  the 
desktop,  it  will  rely  on  its  own  distrib¬ 
ution.  Mad  Hatter,  now  in  beta-test¬ 
ing,  is  a  package  of  basic  desktop 
applications  consisting  mainly  of 
open  source  components.  It  includes 
Sun's  StarOffice  productivity  suite, 
the  Mozilla  Web  browser,  the  Gnome 
desktop  interface  and  Ximian’s 
Evolution  management  software. The 
company  says  Mad  Hatter  could 
debut  in  September  or  October.  Sun 
says  it  anticipates  pricing  Mad 
Hatter  at  $50  to  $100  per  worker,  per 
year. 


■  BY  DENI  CONNOR 

Looking  to  ensure  resource  availability 
and  reduce  the  number  of  hops  in  stor¬ 
age-area  networks,  many  users  are  opting 
for  ever-bigger  storage  switches. 

These  director-level  switches  are  high- 
port  count,  high-availability  boxes  that 
connect  servers,  storage  and  other  fixed- 
port  Fibre  Channel  switches  to  create  a 
SAN.  Many  customers  have  chosen  direc¬ 
tor-level  switches  —  to  build  their  SANs. 
According  to  IDC,  revenue  from  the  sale  of 
director-level  switches  exceeded  $265  mil¬ 
lion  in  2002. 

Chassis-based  switches  comprise  two  cat¬ 
egories:  port-dense  switches  that  have  at 
least  64  ports;  and  director-level  switches, 
which  have  at  least  64  ports  but  also  have 
high-availability  features.  Chassis-based 
switch  vendors  include  Brocade,  Cisco, 
CNT  (formerly  InRange),  McData  and 
QLogic.  Cisco,  CNT  and  McData  also  make 
director-level  switches. 

“Customers  put  in  chassis-mounted 
switches  for  high  availability  for  the  most 
part  and  for  increased  port  densitjC  says 
Eric  Sheppard,  a  senior  analyst  with  IDC. 
Most  chassis-based  switches  have  a  mini¬ 
mum  capacity  of  64  ports  that  are  con¬ 
tained  in  an  enclosure  to  which  additional 
ports  can  be  added. 

“High  availability  means  when  you  have 
a  port  or  component  failure  in  the  chas¬ 
sis,  the  director  can  reassign  and  redirect 
traffic  to  different  ports  to  avoid  any  dis- 


Big  switch 


ruption,”says  Jamie  Gruener,  a  senior  ana¬ 
lyst  with  The  Yankee  Group.  “That  takes 
redundant  fans  and  other  components.” 

When  Denis  Krupennikov,  director  of  IT 
for  Oracle,  was  consolidating  more  than 
40  data  centers  in  his  organization  into 
three  data  centers  in  Redwood  Shores, 
Calif.;  Austin, Texas;  and  Colorado  Springs, 
he  chose  McData  director-level  switches 
for  their  availability 

Bring  down  the  SAN  box 

“Before  we  put  in  the  SAN,  every  time  we 
had  to  make  a  configuration  change  on 
an  EMC  [storage  system]  we  had  to  take 
the  box  and  applications  down,”  Krupen¬ 
nikov  says.“Adding  in  an  EMC  tower  to  the 
network  before  would  require  significant 
downtime  for  the  host  —  connecting 
cables,  etc.  will  take  10  to  12  hours  at  a 
minimum.” 

Krupennikov  has  27  EMC  Symmetrix 
storage  systems  and  more  than  700  Fibre 
Channel  ports.  As  his  network  grows, 
Krupennikov  will  be  able  to  add  addi¬ 
tional  EMC  Symmetrix  systems  without 
disruption. 

“We  needed  to  have  something  more 
flexible  to  reduce  the  downtime  we  have 
on  our  production  ERR  network.  We  de¬ 
cided  to  introduce  director-level  switches 
[from  McData]  between  storage  and 
hosts,  and  do  the  storage  allocation  and 
integration  on  the  SAN  level,”  Krupen¬ 
nikov  says. 

Gruener  says  other  features  of  director- 


level  switches  make  them  ripe  for  adop¬ 
tion. “Several  characteristics,  such  as  per¬ 
formance  and  needing  support  for 
[Fibre  Connection],  drive  the  adoption 
of  director-level  switches,  as  well  as  con¬ 
solidating  how  you  manage  the  fabric  as 
a  whole,”  Gruener  says.  Fibre  Connection 
lets  users  attach  their  SANs  to  IBM  main¬ 
frame  computers. 

Managing  a  consolidated  storage  net¬ 
work  was  top  priority  for  Peter  Kahlen- 
berg.vice  president  of  DWS  Investments,  a 
subsidiary  of  Deutsche  Bank  Gruppe  in 
Frankfurt,  Germany 

Kahlenberg  installed  his  SAN  in  2001 
“with  the  thought  of  consolidating  differ¬ 
ent  data  centers  into  one  big  data  center]’ 
he  says. 

He  chose  four  64-port  CNT  FC/9000 
Fibre  Channel/FICON  Directors  to  consol¬ 
idate  “storage  from  different  platforms  like 
Novell,  Windows  NT,  Windows  2000  and 
AIX,  and  to  save  administrators  work 
because  we  have  only  one  platform 
where  we  can  administer  our  storage  and 
our  back-up  device.” 

In  each  data  center,  Kahlenberg  placed 
two  FC/9000s  for  redundancy  —  each  site 
replicates  data  over  1.8  miles  to  the 
other  data  center  for  business-continuity 
purposes. 

He  expects  to  grow  his  SAN  without 
compromising  on  his  plan  to  use  director- 
level  switches. 

“We’ve  never  used  smaller  switches. 

See  Director,  page  22 


IDC  says  chassis-based  switching  consists  of  traditional  director-level  switches  from 
CNT  and  McData,  and  high-port  density  switches  from  Brocade  and  QLogic. 


Vendor 

Product 

Max. 

number 

ports 

Minimum 
expansion  port 
increment 

Protocols  supported 

Upcoming  event 

Market 

Share 

2002  (IDC) 

Brocade 

Silkworm  12000 

128 

12 

1G  and  2G  bit/sec  Fibre 
Channel,  FICON 

Support  for  iSCSI,  FICON, 
storage  virtualization 

29.2% 

Cisco 

MDS  9000  Series 
Multilayer 
Director  Switchl 

256 

6 

1G  and  2G  bit/sec  Fibre 
Channel,  iSCSI,  FCIP 

Storage  virtualization 

0%* 

CNT 

FC/9000  Fibre 

Channel/FICON 

Director 

256 

8 

1G  and  2G  bit/sec  Fibre 
Channel,  FICON 

Support  for  iSCSI,  FCIP, 
storage  virtualization 

15% 

McData 

Intrepid  6064  and 
6140 

64  and 

140 

4 

1G  and  2G  bit/sec  Fibre 
Channel,  FICON 

Support  for  FCIP,  iSCSI  and 
storage  virtualization 

55.8% 

QLogic 

SANbox2-64 

64 

8 

2G  bit/sec  Fibre  Channel 

iSCSI 

0%* 

Cisco  and  QLogic  did  not  start  shipping  until  2003 
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We  can.  And  that’s  why  we  have  more  Linux -related  hardware,  software  and  service 
solutions  than  anyone.  With  thousands  of  Linux  customer  engagements  to  our  credit,  we 
have  the  scope,  knowledge  and  experience  to  help  with  Linux  solutions  for  your  world, 
To  learn  more  about  IBM,  Linux  and  (©  business  on  demand  visit  ibm.com/linux/seeit 
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States  atKl  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  @2003  IBM  Corporation.  AH  rights  reserved. 
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The  human  body  is  amazingly  efficient.  So  is  an  IBM  eServer 
xSeries®  system  running  Linux®  Powered  by  Intel*  Xeon™ 
processors,  xSeries  servers  for  Linux  can  have  low  start-up 
costs.  Low  admin  costs.  Low  overall  costs.  Helping  you  to 
improve  your  business  efficiency.  For  an  DC  white  paper  on 
Linux  and  Intel  processor-based  servers,  go  to  the  URL  below. 

eServer;  servers  for  on  demand  business. 

Can  you  SGG  it?  See  it  at  ibm.com/eserver/efficiency 


IBM  eServer  xSeries  for  Linux 

•  Tower,  racks,  blades 

•  1-way  to  8-way 

•  Built-in  self-managing  capabilities 

•  3,500  xSeries  Linux-enabled 
applications 
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Microsoft’s  contribution  to  the  ‘jobless  recovery’ 


Historically  economists  tell  us,  a  key 
element  and  indicator  of  an  eco¬ 
nomic  recovery  is  a  rebound  in  the 
job  market  —  except  this  time  around. 
Our  current  “jobless  recovery”  they  say  is 
due  in  part  to  the  fact  that  corporations 
actually  are  gaining  benefit  from  the  tech¬ 
nology  they’ve  bought  over  the  years. 
Microsoft,  being  no  small  part  of  that, 
might  be  making  an  inadvertent  but 
important  contribution. 

Many  companies,  especially  those  in  the 
hardest-hit  technology  sector,  got  through 
“trimming  the  fat”  a  long  time  ago.  When 
economics  dictated  further  cuts,  many 
companies  had  to  trim  essential  services 
—  such  as  IT  departments. 

For  my  two  decades  in  the  business,  IT 
executives  have  been  trying  to  convince 
senior  management  that  the  IT  depart¬ 
ment  was  NOT  a  cost  center  but  rather 
should  be  treated  strategically  as  a  profit 
center  or  at  least  a  profit-center  enabler. 

Unfortunately,  when  times  are  tight, 
those  same  senior  executives  are  quick  to 
notice  that;  1)  the  IT  guys  aren’t  directly 
involved  in  selling  Product  X;  2)  the  IT 
guys  aren’t  directly  involved  in  making 
Product  X;  and  3)  the  IT  guys  get  paid  a  lot 
of  money  (or  at  least  they  used  to  get  paid 


a  lot  of  money)  .Thus,“cutting  to  the  bone” 
in  this  downturn  meant  downsizing  IT  for 
many  companies. 

Given  how  quickly  a  small  problem 
(bad  disk)  can  become  a  big  problem 
(corrupted  database  on  said  bad  disk), 
most  IT  managers  are  understandably 
reluctant  to  hand  pink  slips  to  those  work¬ 
ing  in  the  bowels  of  the  data  center.  But, 
this  time,  there  was  often  no  choice  but  to 
do  just  that. 

Remarkably,  though,  the  press  has  not 
been  filled  with  horror  stories  about  data 
centers  run  amok  or  companies  losing 
revenue  —  or  even  customers  —  because 
their  now-understaffed  IT  department 
can’t  keep  systems  up  and  online.  In  an 
echo  of  Y2K,  reality  was  not  nearly  as  bad 
as  what  people  feared. 

Just  as  massive  preparation  made  Y2K  a 
yawner,  I  believe  that  long-term  improve¬ 
ments  of  Microsoft’s  key  system  compo¬ 
nents  —  Windows  2000/2003,  Internet 
Information  Server  5/6  and  Exchange 
2000/2003  —  made  for  a  soft  landing  for 
companies  that  found  themselves  short- 
handed  in  the  IT  department. 

Whereas  products  such  as  NT  3.51  and 
NT  4,  and  especially  Exchange  5.5, 
required  excessive  care  and  feeding,  the 
current  products  (though  far  from  per¬ 
fect)  can  run  for  weeks  —  or  months  — 
without  a  reboot  and,  assuming  you’ve  got 
automated  backup,  with  little  or  no 
human  intervention. 

Anyone  who’s  followed  my  column  over 
the  years  knows  that  I’ve  taken  Microsoft 


to  task  many  times  over  various  short¬ 
comings  in  its  Enterprise  product  offer¬ 
ings.  But,  to  be  fair  to  the  company  I  cer¬ 
tainly  can’t  just  ignore  it  has  made  im¬ 
provements  that,  ultimately,  translate  into 
higher  quality  and  lower  cost-of-owner- 
ship  for  Enterprise  customers. 

Many  of  the  facilities  that  Microsoft 
offers  for  managing  its  Enterprise  prod¬ 
ucts  are  not  all  that  new.  Scripting, 
Windows  Management  Infrastructure  and 
terminal  services  have  been  around  for  a 
while  —  if  not  part  of  the  base  operating 
system  then  as  downloadable  add-ons. 

When  IT  staff  was  abundant,  many  shops 
chose  not  to  invest  time  and  effort  to  learn 


and  configure  these  management  tools. 
After  all,  you  always  had  someone  in  the 
data  center  or  on  call  to  walk  over  to  a 
machine  and  perform  whatever  restarts, 
reboots  or  reloads  that  were  needed. 

Today  many  companies  are  learning 
that  using  the  new-generation  products  in 
conjunction  with  remote  access  and  auto¬ 
matic  scripting  facilities  can  allow  one  IT 
professional  to  do  the  work  that,  in  the 
past,  took  several  to  accomplish. 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  test¬ 
ing  company  in  Manasquan.NJ.  He  can  be 
reached  at  ktolty@tolly.com. 


Director 

continued  from  page  17 

because  of  the  problem  that  you  have  to 
connect  smaller  switches  to  other  switches 
for  switch-to-switch  communication  and 
that’s  where  you  lose  a  lot  of  interconnect 
ports,  so  the  availability  of  that  is  really 
bad,”  Kahlenberg  says. 

“If  you  have  a  lot  of  inter-switch  links  sep¬ 
arating  servers  and  storage,  there  is  always 
latency  bringing  data  from 
the  server  to  the  storage,” 
he  says. 

What’s  the  future  of 
director-level  switches? 

It’s  a  changing  market 
now  that  Cisco  is  ship¬ 
ping  Fibre  Channel 


switches,  analysts  say. 

In  2002,  IDC  says  McData  led  the  chassis- 
based  market  with  a  55.8%  market  share, 
followed  by  Brocade  with  29.2%  and  CNT 
with  15%. 

These  figures  don’t  count  for  Cisco  and 
QLogic,  which  each  shipped  64-port  or 
greater  Fibre  Channel  switches  this  year. 

Analysts  say  Cisco  is  going  to  gain 
ground  quickly  in  this  market. 

Gruener  expects  Cisco  to  gain  12%  to 
15%  of  the  Fibre  Channel 
switch  market  by  year- 
end.  Cisco  itself  is  no  less 
humble  in  its  aspirations 
—  its  CEO  John 
Chambers  says  the  com¬ 
pany  will  be  No.  1  or  2  in 
SANs.B 
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You  Need  Belden  s  New  DalaTwist"  600e  — 

The  Only  Network  Cable  That  Guarantees  Performance  Beyond  Category  6  Standards. 

Suddenly,  as  quickly  as  Category  6  cable  performance  standards  have  been  adopted.  Belden 
has  made  them  obsolete.  DataTwist  600e  UTP  networking  cable  was  developed  not  only  to  meet 
Category  6  standards,  but  also  to  provide  significant  amounts  of  headroom  above  and  beyond 
them  —  guaranteed.  It’s  the  industry's  on// UTP  cable  with  guaranteed  performance  to  600  MHz. 

The  secret?  Belden's  unique,  patented  Bonded-Pair  technology  that  ensures  uniform  conductor- 
to-conductor  spacing  to  eliminate  performance-robbing  gaps  between  pairs. ..coupled  with 
the  patented  e-Spline  design  that  provides  consistent  pair-to-pair  spacing 
by  placing  pairs  in  individual  chambers. 

•  8  dB  of  Power  Sum  NEXT  headroom  over  Category  6  —  guaranteed. 

•  Nearly  5  dB  of  return  loss  improvement  over  Category  6 

...nnknii  .  j  OuPonI  is  the  sole 

at  1 00  MHz  —  guaranteed.  supplier  oi  fep  Teiion 

insulalion  malenal  used 

•  An  attenuation  margin  over  Category  6  standards  —  guaranteed.  in  ihe  plenum  produci 

•  Positive  Power  Sum  ACR  to  460  MHZ  — -  guaranteed. 

All  of  which  means  better  and  faster  performance  tor  you.  .  \  \  \  II 

For  more  information  Call1-800-BELDEN-4  to  get  your  _  ,  \  \ 

fHEE  copy  ot  \he  DataTwist  600e  New  Product  Bulletin.  ^  \  / 

WWW. belden. com/DT600eNW.pdt  \ 
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BODYGUARD 

Protect  your  information  with  EMC  CLARiiON: 
Disk-based,  confidence-boosting  backup 


EMC  CLARiiON  CX  SERIES 


EMC  CLARiiON®  systems  and  software  deliver  the  reliability  and  flexibility  growth- 
oriented  companies  need  to  manage  ever-increasing  amounts  of  information.  To  learn 
more  about  reliable  backup  and  recovery,  get  “Stepping  Up  to  Disk-Based  Backup”  at 

www.EMC.com/growthcompanies  or  1-866-796-6369. 
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Find  an  authorized  EMC  business  partner  at 
www.EMC.com/partnersalliances. 
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TO  Disk-Based 
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INFRASTRUCTURE:  Keeping  wireless  networks  secure, 


Users  face  complex  challenges 


WLAN  security: 

■  BY  JOHN  COX 

Not  long  ago,  the  complaint  heard  about  wireless 
LAN  security  was  that  there  wasn’t  enough  of  it. 

Now  there’s  almost  too  much. 

Network  executives  today  face  a  bewildering  number  of 
approaches  to  solve  what’s  been  a  consistent  hot-button 
i-ssue  for  them.  As  a  result,  once  you  get  past  some  basic 
recommendations,  best  practices  in  WLAN  security  hinge 
on  your  specific  security  needs  and  the  technologies  you 
choose  to  satisfy  those  needs. 

“The  right  question  to  ask  is  not  ‘which  one’  [of  these 
security  products  to  choose] ,  but ‘how  do  1  best  meet  my 
specific  security  needs?”’says  Brian  Mansfield,  founder  of 
The  Mansfield  Group,  a  consulting  and 
training  company  specializing  in  WLAN 
security“lt  becomes  obvious  to  these  deci¬ 
sion  makers  that  there  is  no  one  good  solu¬ 
tion.  Each  of  them  has  their  pluses  and 
minuses.” 

WLAN  security  adds  a  level  of  complexi¬ 
ty  to  corporate  networks.“The  security  skill 
sets  [for  companies]  are  more  and  more 
critical  today  than  ever  before,”  says  Tim 
Stettheimer,  CIO  for  St. Vincent’s  Hospital,  a 
338-bed  hospital  in  Birmingham, Ala., 
which  has  a  site-wide  WLAN  of  about  170 
access  points. 

“You  have  to  be  extremely  aware  of  what 
your  network  is  designed  to  be  and  [then] 
design  your  [wireless]  security  to  corre¬ 
spond  to  that,”  he  says.“This  is  one  of  the 
most  complex  issues  in  IT  today’ 

Wireless  experts  and  network  managers 
quickly  can  run  off  a  basic  set  of  routine, 
low-level  steps  to  help  secure  W1  ANs. 

These  typically  include: 

•  Turning  on  basic  Wired  Equivalent  Privacy  (WEP) 
encryption  for  all  access  points. 

•  Create  a  list  of  media  access  control  (MAC)  addresses 
that  are  allowed  to  access  the  WLAN. 

•  Use  a  dynamic  encryption  key  exchange  method  as 
implemented  by  various  security  vendors. 

•  Keep  software  and  patches  on  access  points  and 
clients  up  to  date. 

•  Create  access  point  passwords  that  can’t  be  guessed 
easily 

•  Change  the  Service  Set  Identifier  on  the  access  point, 
and  block  the  SSID  broadcast  feature. 

•  Minimize  radio-wave  leakage  outside  your  building 
through  access  point  placement  and  antenna  selection. 

Even  this  basic  group  of  security  practices  isn’t  set  in 
stone.  MAC  address  access  lists  quickly  become  unman¬ 
ageable,  as  WLANs  grow  beyond  a  few  score  of  access 
points. Vendor-specific  dynamic  key  exchange  methods 
typically  bring  a  set  of  trade-offs  that  you  need  to  weigh 
before  buying  into  that  vendor’s  products,  such  as  what 
client  of)erdting  systems  are  supported. 

Keeping  software  up  to  date  on  access  points  means 
you  already  have  such  a  program  in  place  for  your  com¬ 
puters  and  network  gear.  The  WLAN  devices  become 
incorporated  into  that  existing  security  defense. 

Wirek*ss  security  practices  need  to  fit  with  existing 


enterprise  security  architectures,  even  as  they  address 
unique  issues:  securing  radio  transmissions  or  handing 
off  authentication  and  access  privileges  as  a  user  moves 
among  different  access  points. 

As  Microsoft  began  deploying  its  internal  WLAJN  last 
year,  one  of  the  corporate  mandates  was  for  wireless 
security  to  be  based  on  Microsoft’s  public-key  infrastruc¬ 
ture  (PKI).  PKl  is  a  set  of  security  services  for  authentica¬ 
tion,  encryption  and  digital  certificate  management.“PKI 
is  a  significant  investment,”  says  Don  Berry  senior  network 
engineer  with  Microsoft’s  operations  and  technology 
group. 

To  use  PKI,  a  laptop  user  powers  up  the  wireless  net¬ 
work  interface  card,  which  associates  to.  a  closed  port  on 


a  nearby  access  point.  Before  being  allowed  onto  the  net¬ 
work,  the  user  is  authenticated  via  a  RADIUS  server  and 
domain  controllers.  Only  then  does  the  access  point 
open  a  port  to  the  network. 

Microsoft  first  deployed  WEP  encryption,  even  though 
engineers  knew  WEP  was  not  a  long-term  solution. 
Microsoft  worked  with  Cisco  to  burn  or  load  the  WEP 
keys  into  the  adapter  card  firmware,  to  minimize  the 
number  of  people  who  could  have  access  to  them. 

Then  the  operations  group  began  working  with 
Microsoft’s  representatives  at  IEEE,  where  a  working  group 
was  drafting  the  802. lx  port-based  authentication  stan¬ 
dard,  which  uses  the  Extensible  Authentication  Protocol 
(EAP)  framework.They  also  began  working  with  Cisco  to 
create  a  specific  EAP  method  called  Protected  EAP 
(PEAP);  and  with  the  Windows  development  group  to 
incorporate  these  into  the  Windows  XP  operating  system. 

Not  everyone  enjoys  these  kinds  of  resources  and  part¬ 
nerships.  Berry  points  out,  not  to  mention  what  he  called 
the  “pure,  homogeneous  desktop  [and  laptop]  environ¬ 
ment.” 

As  in  many  other  large  deployments,  Microsoft’s  best 
practices  reflect  the  idea  of  defense  for  WLANs.“We 
scan  every  MAC  address  every  30  minutes,”  Berry  says. 
The  data  is  dumped  into  a  database  for  analysis.  If  an 
unauthorized  address  is  found,  the  port  it’s  using  is  shut 


down  automatically 

St. Vincent’s  blends  routine  low-level  practices  such  as 
blocking  SSID  broadcasts,  coupled  with  practices  such  as 
regular  perimeter  checks  of  the  airwaves  using  Fluke 
Electronics’  OptiView  network  analyzer. This  handheld 
device  analyzes  radio  waves,  and  can  detect  unautho¬ 
rized  access  points  for  clients.  Data  can  be  transferred  for 
storage  and  analysis  to  a  companion  program  running  on 
a  Windows  PC. 

The  hospital  uses  Wavelink’s  Mobile  Manager  software 
for  administering  WLANs.The  software  can  detect  any 
change  in  an  access  point’s  configuration.“The  software 
compares  the  required  configuration  with  what’s  actually 
there,” Stettheimer  says.“MobileManager  will  change  it 

automatically  to  match  what  it  should  be. 
Then  it  sends  an  alert  to  the  administratorr 
Wireless  authentication  relies  on  the  hos¬ 
pital’s  existing  RADIUS  servers.  But  St. 
Vincent’s  has  taken  this  a  step  further,  mar¬ 
rying  authentication  with  virtual  LANs 
(VLAN)  .VLANs  group  clients  logically 
based  on  criteria  such  as  department,  type 
of  user  or  application,  on  top  of  a  physical 
network  infrastructure.“Once  you  are 
authenticated  to  the  RADIUS  servers,  the 
access  point  associates  your  wireless  card 
with  a  virtual  LAN,”  Stettheimer  says.  By 
doing  so,  users  logging  on,  in  effect,  inherit 
a  given  set  of  network  services,  resources, 
access  privileges  and  so  on. 

“The  security  trend  now  is  to  segment 
your  user  groups,  and  then  apply  [to  the 
group]  specific  security  technologies  that 
are  appropriate  to  each  group,”  Mansfield 
says. 

According  to  Mansfield, security  prac¬ 
tices  in  corporations  tend  to  be  coalescing 
around  products  from  a  fast-growing  and  young  group  of 
vendors.They  include  products  from  security  controller 
companies  such  as  Bluesocket,  ReefEdge  and  Vernier 
Networks,  to  new  WLAN  switch  builders,  such  as 
Airespace,  Aruba  Wireless  Networks,Trapeze  Networks 
and  Vivato,and  VPN  vendors  such  as  Columbitech  and 
Ecutel  that  focus  on  wireless  networks. 

But  security  practices  will  have  to  be  thought  out  in 
terms  of  the  trade-offs  that  each  product  brings  with  it. 
“Some  of  these  products  have  very  dense  feature  sets,” 
Mansfield  says.“Others  are  designed  to  plug  in  (to  a 
WLAN]  and  be  set  up  quickly,  but  their  functionality  is 
much  more  limited." 

As  a  result,  wireless  security  practices  will  have  to  take 
into  account  things  such  as  how  much  user  interaction  is 
needed,  what  tech  support  resources  are  needed,  what  is 
the  compatibility  between  different  types  of  EAP  meth¬ 
ods,  and  how  does  authentication  via  802.  lx  with  vendor- 
specific  VPN  authentication  schemes  compare. 

Some  users  welcome  the  possible  end  of  what  one 
called  “frankenparts” —  cobbling  together  a  security 
architecture  and  a  set  of  best  practices  based  on  prod¬ 
ucts  from  several  vendors.  But  others  see  the  multiplicity 
of  choices  as  a  benefit.The  numerous  choices  compel  a 
systematic  security  approach  that  uses  existing  resources 
while  being  flexible  enough  to  meet  new  standards.  ■ 


Best  practices?  Write  your  own 

Experts  say  there’s  no  one-size-fits-all  set  of  best  security  practices 
for  wireiess  LANs.  The  basic  security  needs  can  be  satisfied  with  products 
based  on  different  technoiogies.  So  your  best  practices  wiil  vary, 
depending  on  a  host  of  variables. 


1 1.  Basic  need 

2.  Basic  strategy 

3.  Basic  technologies 

•  Authenticate 

•TreatWLAN  security 

•  Wi-Fi  Protected  Access  fix  basic 

clients  and 

as  one  part  of  overall 

WLAN  flaws. 

access  points. 

enterprise  security. 

•  Variations  on  Extensible  Authentication 

•  Encrypt 

•  Create  a  multi- 

Protocol  for  authentication  and  key 

wireless 

layered  WLAN 

management,  with  IEEE  802.1x. 

transmissions. 

security  framework. 

•  VPN,  associated  technologies  imple- 

•  Administer 

i  •Take  nothing  for 

mented  via  controllers  or  wireless 

central  security 

granted. 

switches. 

policies. 

•  Stay  flexible  to  meet 
changing  risks  and 
i  threats.  i 

•  Future  IEEE  802.11i,  incorporating 

802.1x  authentication,  and  Advanced 
Encryption  Standard. 

>  9:32  am.  Martha  Watson  counts  over  1,200  name  brands  in  order  to  justify  the  word  "more"  to  the  legal  department. 
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The,  secret  to  a  secure  enterprise  lies  in  not  just  monitoring  the  parts,  but  managing  it  as  a 
whole.  That's  exactly  what  eTrusr  lets  you  do.  In  fact,  our  eTrust™  Security  Command  Center 
is  the  perfect  solution  to  security  information  overload.  It  gives  you  the  big  picture  from  a  single 
vantage  point,  with  all  your  event  information  prioritized.  So  you  can  identify  actual  internal 
and  external  threats  before  they  can  wreak  havoc.  Anything  less  would  be,  well,  alarming. 
For  more,  information  on  securi.v  ^  c:naaement,  a:  ::  ::  .a:  ^  .  -  .  . 
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■  PORTALS  ■  MESSAGING/GROUPWARE 

■  E-COMMERCE  ■  SECURITY 

■  MIDDLEWARE  ■  DIRECTORIES 

■  NETWORK  AND  SYSTEMS  MANAGEMENT 

■  WEB  SERVICES 


IBM  boosts  portal  collaboration  features 


■  BY  JENNIFER  MEARS 

IBM  says  the  latest  version  of  its  Web¬ 
Sphere  portal  will  be  easier  for  businesses 
to  install  and  gives  them  broader  capabili¬ 
ties  to  collaborate  across  heterogeneous 
applications. 

Among  the  updates  in  WebSphere  Portal 


■  BY  TIM  GREENE 

Funk  Software  is  cutting  down  on  the 
amount  of  firewall  reconfiguration  that 
customers  have  to  perform  in  order  to  use 
its  venerable  remote-control  software. 

The  company’s  Proxy  4.1  version  now 
supports  TCP/IP  and  User  Datagram  Proto- 
col/IBnot  just  UDP/ipthe  protocol  that  the 
software  has  supported  since  1993.  This 


■  NetLedger  last  week  added  the 
back  office  to  its  front-office  line  of 
hosted  enterprise  software  with  the 
introduction  of  NetERP,  which  sup¬ 
ports  supply-chain  management  and 
the  deployment  of  e-commerce  Web 
sites.  NetERP  ties  procurement,  in¬ 
ventory,  order  management  and 
billing  processes  together  into  one 
hosted  application.  NetERP  adds 
specific  support  for  wholesalers  and 
distributors,  and  deployment  of  Web- 
based  e-commerce.  The  application 
also  features  a  customizable  "dash¬ 
board”  to  provide  insight  into  supply- 
chain  information  for  internal  and 
external  users.  NetERP  will  be 
offered  as  a  separate  product  or  as 
an  upgrade  to  NetSuite,  which  in¬ 
cludes  NetLedger’s  NetCRM  offering 
for  the  front  office.  The  hosted  soft¬ 
ware  starts  at  $4,800  per  year  and 
includes  a  license  for  one  user. 
Additional  users  cost  $75  per  user, 
per  month.  NetERP  is  scheduled  to 
ship  later  this  month  as  an  upgrade 
to  NetSuite.  The  stand-alone  version 
is  scheduled  to  ship  in  September. 


5.0  are  enhanced  search  capabilities,  a 
simpler  installation  process, and  an  out-of- 
the  box  document  management  feature 
that  lets  users  share  and  collaborate  on 
business  information  such  as  financial 
reports  and  sales  documents  from  within 
the  portal. 

IBM  says  it  is  increasing  the  ability  for  cus- 


makes  it  possible  to  start  remote-control 
sessions  via  the  common  TCP  Port  1505, 
which  in  most  cases  requires  no  changes 
to  firewall  parameters. 

While  the  company  says  user  demand 
drove  the  TCP/IP  support  and  that  it  helps 
boost  security,  it  also  comes  with  a  down¬ 
side.  Customers  manually  have  to  input  the 
names  or  addresses  of  the  remote  host 
machines  when  they  use  the  TCP  option. 
With  UDP  they  can  broadcast  a  poll  and 
remote  hosts  respond,  filling  the  address 
book  of  the  master  machine. 

That  might  be  a  good  trade-off,  says 
Charles  Melidosian,vice  president  and  CIO 
of  real  estate  services  company  Baird  & 
Warner  in  Chicago,  which  uses  Proxy  as  a 
help  desk/training  tool  for  35  branch 
offices.“We  might  tweak  the  ports  left  open 
[in  our  firewall]  and  change  them  to 
uncommon  ports  to  make  it  more  resistant 
to  port  scanning,”  he  says. 

The  company  also  has  added  features 
that  make  common  uses  of  the  software 
simpler.  Proxy  now  allows  clipboard  trans¬ 
fer  from  master  to  host  and  vice  versa. 
Baird  &  Warner  used  to  copy  error  dialog 
boxes  from  remote  machines  into  text  files 
and  then  e-mail  those  files  to  vendors  to 
help  solve  problems.  Now  they  can  be  cut 
and  pasted,  saving  time,  Melidosian  says. 

The  new  version  allows  transfer  of  a 
series  of  files  or  an  entire  directory  and  its 
subdirectories  all  at  once  rather  than  one 
file  at  a  time  as  in  Proxy’s  earlier  versions. 
“Before  what  would  happen  is  you’d  miss  a 
folderrhesays. 

Proxy  competes  against  Symantec’s 
pcAnywhere  and  Computer  Associates’ 
Control  IT,  among  others.  The  company 
acknowledges  that  it  is  adding  features 
aggressively  to  catch  up. 

The  new  version  supports  screen  blank¬ 
ing,  so  the  host  monitor  doesn’t  display 
what  the  remote  administrator  is  doing, 
thereby  preventing  the  user  on  the  host 
machine  from  trying  to  undo  what  the 


tomers  to  automate  interactions  among 
applications  so  information  created  during 
business  processes  will  be  shared  automat¬ 
ically  among  relevant  applications. 

With  WebSphere  Portal  5.0,  users  can  set 
up  predefined  relationships  among  appli¬ 
cations  so  that  information  created  in  a 
human  resources  application  would  be 


Three  in  control 

Corporations  will  buy 

$330 

million  worth  of  remote- 
control  software  for  file 
transfers,  for  database 
queries  and  as  a  help  desk 
tool  this  year.  Altiris, 
Computer  Associates  and 
Symantec  accounted  for 
more  than  75%  of  remote- 
access  sales  in  2001. 

SOURCE:  IOC 


administrator  has  done,  the  company  says. 

Funk  also  has  added  a  graphical  tool  to 
shut  off  unnecessary  visual  effects  that  eat 
up  bandwidth,  such  as  wallpaper,  screen 
savers  and  mouse  shadowing.  Eliminating 
these  features  during  remote-control  ses¬ 
sions  reduces  the  amount  of  data  that  has 
to  be  sent  over  the  wire  to  the  master 
machine,  effectively  speeding  response 
time.  Funk  says.  Proxy  had  this  feature 
before,  but  it  required  manually  changing 
registry  keys. 

Proxy  4.1  addresses  some  known  prob¬ 
lems  with  earlier  versions,  such  as  interfer¬ 
ence  between  Proxy  and  Microsoft’s  Sys¬ 
tems  Management  Server  (SMS)  agents. 
The  two  applications  vied  for  the  same 
resources,  so  Proxy  made  no  connection 
or  failed  to  install.  So  in  Version  4.1,  Funk 
rewrote  Proxy  to  run  alongside  SMS  with¬ 
out  interfering. 

A  release  of  the  software  scheduled  for 
later  this  year  will  add  a  GUI  for  auto¬ 
deploying  Proxy  and  Proxy  updates. 

Proxy  4.1  costs  $2,200  for  a  100-host 
license.* 


sent  automatically  to  a  finance  applica¬ 
tion.  Previously,  users  had  to  set  up  con¬ 
nectors  for  each  business  process. 

Since  it  entered  the  market  about  two 
years  ago,  IBM  has  focused  on  using  its  por¬ 
tal  to  create  a  workspace  for  employees  to 
access  the  information  and  applications 
they  need  from  one  Web  interface. 

Last  year,  IBM  introduced  a  number  of 
enhancements  to  the  portal  including  col¬ 
laboration  and  content-management  capa- 
bilities,and  a  feature  called  Click-to-Action, 
which  lets  users  specify  relationships 
between  applications  that  are  surfaced  in 
the  portal  through  portlets. 

In  the  latest  release,  IBM  refines  those  fea¬ 
tures  and  continues  its  efforts  to  make  the 
portal  a  crucial  part  of  how  business  is 
done,  analysts  say 

“This  release  is  more  focused  on  refine¬ 
ment  than  introducing  a  whole  lot  of  new 
features,” says  Laura  Ramos,  an  analyst  with 
Forrester  Research. 

“Now  the  WebSphere  Portal  Server  is  part 
of  the  Lotus  organization, and  it  is  aimed  at 
becoming  the  platform  for  delivering  a  lot 
of  the  collaboration  and  human  interac¬ 
tion  capability  that  you’re  going  to  see  in 
the  Lotus  Workplace,”  Ramos  says.  “To  do 
that,  IBM  had  to  focus  on  things  like  instal¬ 
lation, just  making  it  a  little  bit  more  stream¬ 
lined  and  easier  to  get  all  of  the  different 
parts  installed.” 

Patty  Stibbs,  practice  administrator  at  the 
Plastic  Surgery  Center  of  Hampton  Roads 
in  Newport  News,  Va.,  has  used  the 
WebSphere  Fbrtal  since  January  to  stream¬ 
line  work  within  the  clinic. 

“We  found  that  through  the  ease  of  com¬ 
munication  that  we  get  through  Web¬ 
Sphere  we’re  able  to  keep  data  moving 
throughout  the  office  without  having  to 
reinvent  the  wheel,”  she  says. 

She  says  she  is  looking  forward  to  the 
ability  to  create  interrelationships  among 
applications  in  the  new  release. 

“We  used  to  have  to  log  on  to  everything. 
We  want  to  look  at  streamlining  things  a  bit 
for  the  various  activities  going  on  such  as 
marketing,  billing,  patient  registration  and 
services,”  she  says.“Everybody  has  bits  and 
pieces  they  use,  and  this  will  be  a  good 
opportunity  to  bring  that  together/ 

Stibbs  also  says  the  document  manciger 
feature  will  make  it  easier  for  doctors  to 
collaborate  on  confidential  patient  data, 
“There  is  lots  of  opportunity  for  things  to  be 
moved  around  electronicall>(  she  says. 

Features  such  as  those  in  WebSphere 
See  WebSphere,  page  30 


Funk  eases  remoteeontrol  installations 
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I  AM  MORE  TALK 
AND  LESS  WALK. 

I  HAVE  MORE  WAYS  OF  GETTING  PEOPLE  TALKING.  BUT  I  AM  NOT  ALL  TALK. 
I  AM  VOICE  AND  DATA,  BOTH  ON  THE  SAME  TEAM.  I  HAVE  THE  POWER  TO 
PUNCH  TIME  CLOCKS,  LISTEN  TO  EMAIL  AND  SCHEDULE  APPOINTMENTS. 

I  HAVE  THE  POWER  TO  SAVE  VALUABLE  MILEAGE  ON  OFFICE  MOVES  AND 
I.T.  STAFF  SHOES.  I  AM  A  SECURE,  PINT-SIZED  PRODUCTIVITY  EXPERT  THAT 
DELIVERS  SUPER-SIZED  ROI.  I  AM  MORE  THAN  A  CISCO  7960G  IP  PHONE. 
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The  state  of  Maryland  might  have 
decided  that  efficiency  is  more 
important  than  democracy.  I  am 
quite  sure  many  in  the  state  don’t  see  it 
that  way,  but  one  must  judge  the  results  of 
actions  not  just  what  might  have  been  in 
the  minds  of  the  people  who  made  the 
decisions. 

In  December  2001,  reacting  in  part  to  the 
Rorida  election  process  in  the  last  presi¬ 
dential  election,  Maryland  decided  to  go 
with  an  all-electronic  voting  system.The  sys¬ 
tem,  built  by  Diebold  Election  Systems,  was 
touted  as  the  “most  robust  and  flexible  sys¬ 
tem  on  the  market.” 

Maryland  Secretary  of  State  John  Willis 
touted  the  system’s  “accuracy  of  capturing 
voter  intent.”  He  also  said  the  system  would 
“give  Marylanders  the  opportunity  and 
confidence  that  they  now  use  at  the  gas 
pump  and  the  supermarket  checkout.” 


‘Go  away,’  he  explained 


Just  maybe  these  folks  were  just  a  touch 
overenthusiastic  in  their  praise.  Research¬ 
ers  at  Johns  Hopkins  University  published 
a  report  on  the  software  the  Diebold  sys¬ 
tem  apparently  uses.  The  report  (http:// 
avirubin.com/vote.pdf)  doesn’t  paint  a 
pretty  picture.  The  software  —  an  old  ver¬ 
sion,  according  to  Diebold  —  shows  a 
breathtaking  disregard  for  even  the  rudi¬ 
ments  of  computer  security  The  Johns 
Hopkins  report  comes  on  the  heels  of  a 
very  thoughtful  story  in  the  August  2003 
issue  of  the  Communications  of  the  ACM 
titled  “Voting  and  technology:  Who  gets  to 
count  your  vote?”  It  also  comes  on  the 
heels  of  more  than  900  computing  profes¬ 
sionals  signing  a  petition  asking  for  a  sim¬ 
ple  function  not  included  in  the  system 
Maryland  selected  (see  www.nwfusion 
.com,  DocFinder:  7035). 

But  this  column  is  not  actually  about  the 
issues  with  the  particular  Diebold  system 
(which  Diebold  tries  to  address  in  a  report 
on  its  Web  page,  www.diebold.com/techni- 
cal.htm) .  Nor  is  it  about  the  inability  for  vot¬ 
ers  to  have,  as  the  ACM  story  put  it),“strong, 
affirmative  proof  that  elections  are  accu¬ 
rate  and  honest.”  This  column  is  about  the 


reactions  of  people  involved  in  the  deci-  j 
sion  to  use  the  Diebold  system. 

The  best  example  of  the  reaction  is  from 
the  now  ex-Maryland  Secretary  of  State 
Willis,  who  is  reported  in  The  Washington 
fbst  to  have  called  the  report  “technical 
hysteria.”  It  is  sad,  at  best,  when  someone 
whose  past  position  should  demand  that 
he  be  almost  obsessive  in  the  quest  for  a 
system  the  voters  could  trust,  but  yet  is 
apparently  more  concerned  with  justifying 
a  past  decision  than  for  making  sure  of  the 
system  he  helped  select  by  calling  for  a 
well-justified  review  by  experts. 

There  are  times  when  the  right  reaction  is, 
“let’s  check  that  out,”  rather  than  “go  away 
and  don’t  confuse  me  with  the  facts.”Voting 
is  not  the  same  as  buying  a  bag  of  chips  at 
the  grocery  store;  it  is  the  foundation  of 
democracy  and  deserves  better  protection. 

Disclaimer:  The  new  regime  at  Harvard  is 
more  interested  in  looking  anew  at  things 
than  going  with  old  justifications  but  it  has 
not  expressed  a  view  on  voting  systems. 

Bradner  is  a  consultant  with  Harvard 
University’s  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 


■  BY  PAUL  FERRILL 


Remote-control  software  products  have 
been  around  for  a  long  time.  Symantec 
acquired  pcAnywhere  in  1991  with  its  pur¬ 
chase  of  Dynamic  Microprocessor  Associ¬ 
ates.  Microsoft  incorporated  into  its  operat¬ 
ing  system  many  functions  included  in  the 
early  versions  of  this  program  type,such  as 
remote  troubleshooting.  Windows  2000 
and  later  versions  let  IT  managers  remote¬ 
ly  manage  other  computers  with  the  same 
tools  used  to  manage  local  machines. 

Tlie  obvious  question  becomes,  “Why 
pay  for  something  that  comes  with  the 
operating  system?”  Symantec’s  answer  is  to 
offer  more  features  and  enhancements. 

One  of  the  most  painful  and  often  most 
timeconsuming  parts  of  deploying  soft¬ 
ware  such  as  pcAnywhere  is  installing  the 
client.  Symantec  addressed  that  issue  in 
this  version  with  its  Quick  Connect  and 
Deploy  feature.  With  this  feature,  we  could 
control  a  target  computer  over  our  net¬ 
work  in  less  than  5  minutes.  In  the  past,  it 
might  have  required  a  visit  to  the  remote 
machine  if  you  didn’t  have  another  soft¬ 
ware  distribution  tool. 

Remote  management  also  receives  a  lot 
of  attention  in  this  release.  Many  common 
remote  management  tasks,  such  as  reg¬ 
istry  editing,  command  prompt  access 
and  system  shutdown/reboot,  do  not 
require  a  remotenrontrol  session.  For  the 


pcAnywhere  11.0 


security  conscious,  pcAnywhere  1 1  sup¬ 
ports  13  authentication  types,  including 
RSA  Security’s  SecurlD. 

Many  user  interface  enhancements  went 
into  this  release,  including  the  use  of  fold¬ 
ers,  favorites  and  a  history  feature.  The 
basic  remote-control  process  is  quite 
responsive  and  includes  a  full  screen 
mode  that  works  very  well.  Several  little 
features,  such  as  the  ability  to  transfer  the 
clipboard  either  to  or  from  the  target 
machine,  make  it  easy  to  copy  items  such 
as  a  license  key  between  machines.  You 
also  can  capture  the  current  screen  or 
record  an  entire  remote  session  for  later 
playback.The  only  downside  to  the  record 
capability  is  that  Symantec  uses  a  propri¬ 
etary  format  for  saving  the  recording, 
which  means  you’ll  also  need  its  software 
to  play  it  back. 

File  transfer  is  another  area  most  people 
take  for  granted.  PcAnywhere  provides  a 
secure  file  transfer  capability  that  now 
works  in  the  background. You  can  queue 
up  a  number  of  files  to  transfer  in  order.  A 
folder  synchronize  feature  makes  sure  the 
files  are  the  same  on  both  machines,  while 
a  folder  clone  option  copies  all  files  in  a 
folder  from  one  machine  to  another.  The 
command  queue  makes  it  possible  to 
automate  file  transfer  tasks  such  as  folder 
synchronization  and  schedule  them  to 
run  at  a  specific  time  using  the  Windows 


pcAnywhere  11. 


Symantec 

Cupertino,  Calif. 

www.symantec.com 

Cost:  Host  and  remote  $199.95,  remote 
only  $99.95 

Pros:  Tons  of  new  features  and  usability 
enhancements;  responsive  remote 
control  and  timesaving  remote 
management  features. 

Cons:  Proprietary  file  format  for  screen 
capture  and  session  recording 
makes  it  harderto  share  those  files. 


task  scheduler. 

So  the  question  remains  —  is  the  prod¬ 
uct  enough  of  an  improvement  over  the 
basic  Windows  features  to  purchase?  The 
answer  depends  on  your  situation.  If  your 
network  is  small  and  in  one  location  with 
a  limited  number  of  servers  to  support, 
you  probably  don’t  need  it.  If  you  need  to 
connect  to  remote  systems  over  various 
types  of  connections  and  need  to  perform 
the  types  of  tasks  pcAnywhere  supports, 
you’ll  do  well  by  this  product. 

Ferrill  can  be  reached  at  paul.ferrill® 
verizon.net. 
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WebSphere 

continued  from  page  27 

Portal  5.0  are  helping  to  drive  the  market 
for  portal  software,  analysts  say  However, 
users  still  are  wrestling  with  whether  to 
deploy  disparate  search,  content  manage¬ 
ment  and  collaboration  systems,  or  to  look 
for  those  capabilities  in  a  single  portal. 

IBM,  which  competes  with  vendors  such 
as  BEA  Systems,  Plumtree,SAP  and  Sun  in 
the  portal  market,  is  on  the  right  track  with 
its  efforts,  Ramos  says. 

“IBM  has  the  application  server,  the  port- 
let  builders,  all  the  way  to  collaborative 
capabilities  and  content  management  on 
the  other  end,”  she  says.  “A  lot  of  vendors 
are  strong  in  one  or  the  other.  IBM  provides 
all  this  natively’ 

WebSphere  Portal  5.0  is  expected  to  be 
available  Aug.  21.  It  is  priced  starting  at 
$87,000  per  CPU,  including  a  year  of  main¬ 
tenance,  and  runs  on  Windows,  AlX,Solaris, 
Linux  on  Intel  and  Linux  on  zSeries. 

In  other  WebSphere  news,  the  company 
this  week  is  expected  to  announce  a  new 
version  of  its  WebSphere  Business  Integra¬ 
tion  Connect  software,  and  a  new  set  of  ser¬ 
vices  to  go  along  with  the  business-to-busi- 
ness  integration  software. 

IBM  says  WebSphere  Business  Integration 
Connect  Version  4.2  speeds  up  the  process 
of  getting  connected  with  business  part¬ 
ners.  The  software  —  available  in  Express, 
Advanced  and  Enterprise  editions  —  is 
installed  on  a  dedicated  server  and  acts  as 
a  hub  between  the  host  company  and  its 
business  partners.  The  software  tracks  and 
monitors  the  exchanges  between  partners, 
and  checks  that  shared  documents, 
processes  and  software  will  work  across 
environments. 

The  software  also  can  track  changes 
across  business  partners’ networks,systems 
and  processes  to  keep  the  shared  environ¬ 
ments  up  to  date  and  compatible.The  soft¬ 
ware  also  lets  several  business  partners 
connect  via  a  hub,  rather  than  a  point-to- 
point  connection  that  only  supports  two 
parties,  IBM  says. 

“One  of  the  problems  with  integration 
across  partners  is  that  until  now  there  were 
only  isolated  connections,”  says  Stuart 
Mclrvine,  program  director  WebSphere 
business  integration  software.  “Systems 
could  not  support  multiple  different  supv- 
pliers  or  multiple  tiers  of  suppliers.” 

The  Express  version  costs  less  than 
$1,000  per  connection  for  partners,and  the 
Advanced  version  will  cost  between 
$30,000  and  $60,000  per  CPU  for  hub  own¬ 
ers,  with  additional  costs  for  connections. 
Enterprise  customers  would  pay  between 
$100,000  and  $200,000  per  CPU,  with 
unlimited  connections. 

Along  with  the  software  upgrades  expect¬ 
ed  to  be  available  in  the  third  quarter,  IBM 
added  a  suite  of  services,  through  a  part¬ 
nership  with  Viacore,to  help  customers  get 
integration  and  work  together  more  quick¬ 
ly.  Viacore  can  host  the  WebSphere  soft¬ 
ware,  manage  it  remotely  or  help  cus¬ 
tomers  roll  it  out  and  get  started.  Pricing  for 
the  services  have  yet  to  be  determined.  ■ 


It  ain’t  braggin’ 
if  you  can  do  it 


Finally,  a  company  that  talks  big  and 
works  bigger.  A  company  that  talks  ROI 
and  actually  delivers.  A  company  that 
provides  real  business  value  you  can  ’ 
measure.  A  network  solutions  and  ■;  '  5' 


services  provider  called  NextiraOne, 


At  NextiraOne,.  we  bring  clarity  to  your 
complex  communications  networks. 
Planning,  designing,  implementing,  , 
supporting  and  managing.  For  voice, 
data  and  converged  infrastructures.  ' 
In  the  United  States  or  around  the  ,  " 


world.  You  name  it,  we  do  it  -  with 


world-class  results 


www.NextiraOne.com  (888)  398-0547 
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Tt  ACCESS  FOR  HUNDREDS  LESS 
DOES  WONDERS  FOR  THE  REPUTATION. 

We  just  lowered  our  prices  and  waived  our  installation  fees. 
And  that’s  for  the  same  premium  performance  and  specialized 
service  that  has  made  us  the  fastest-growing  T1  data 
provider  in  the  nation.  Still,  we  don’t  expect  you  to  be 
convinced  overnight.  That’s  why  we’re  giving  you  30  days  of 
no-risk  trial. 


Take  Our  Risk-Free  30-Day  Covad  T1  Challenge 


CALL  1-800-555-0456 

Try  our  T1  for  one  month  and  we’ll  pay  for  installation. 
If  you’re  not  completely  satisfied,  we’ll  refund  your 
-monthly  fee  and  equipment  cost. 


WHY  SWITCH  TO  COVAD  DATATl? 

•  Service  Level  Guarantees  •  4-hour  mean  time  to  repair  •  Guaranteed  99.99% 
monthly  uptime  •  Right-sized  pricing  when  we  lower  T1  fees  in  the  future 

•  Specialized  T1  Service  Team  available  live  24x7  •  Tl-dedicated,  toll-free  hotline 


WWW. covad.com  /  blchollenge 
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ISPs  slow  to  upgrade  nets  for  dial-up 


■  BY  DENISE  PAPPALARDO 

Although  millions  of  users  still  depend 
on  dial-up  Internet  access  service  when 
traveling  or  working  from  a  home  office, 
the  benefits  provided  by  the  newest 
modem  specification  remain  unavailable 
to  many  of  them. 

The  International  Telecommunication 
Union  (ITU)  ratified  a  dial-up  modem 
specification  called  v.92  almost  three  years 


■  Businesses  looking  to  deploy  enter¬ 
prise  content  delivery  networks,  but 
hoping  to  avoid  the  headaches  of 
managing  them,  have  a  couple  of  new 
options.  MCI  and  Equant  last  week 
each  announced  enterprise  CDN 
services.  Both  companies  are  offering 
behind-the-firewall.  customer- premises 
installations  that  they  will  manage  and 
monitor.  Businesses  need  load  only 
the  content  they  want  to  move.  MCl’s 
service  is  software-based  and  runs  on 
IBM  servers.  Pricing  starts  at  $7,500 
per  month  for  a  core  server  and  $525 
per  month  for  each  edge  server.  MCI 
also  charges  a  one-time  installation 
fee  of  $1,000  per  server.  The  Equant 
service  uses  Network  Appliance 
NetCaches.  Pricing  was  not  released. 

■  VaJere  Power  last  week  announced 
the  availability  of  battery-testing  soft¬ 
ware  for  its  AC/DC  telecom  power- 
distribution  systems  that  gives  carri¬ 
ers  information  on  the  health  and 
reliability  of  their  battery  back-up 
systems.  The  software  runs  a  series 
of  tests  that  can  be  configured  to 
automatically  generate  alarms  if  a 
battery  string  fails  the  test  Key  volt¬ 
age,  current  and  battery-amperage 
hours  also  are  tracked  during  the 
tests.  The  software  runs  on  and  ships 
with  Valere’s  Compact  DC  Power 
System  and  Integrated  Power  Sys¬ 
tem.  For  existing  customers,  the  soft¬ 
ware  is  available  as  a  free  upgrade. 

To  use  the  software,  customers  must 
have  installed  a  LAN  access  card  in 
the  power  supply. 


ago,  but  two  of  the  largest  ISPs  for  business 
users  still  are  not  offering  v.92  features. 

V.92  gives  dial-up  users  faster  modem 
connections,  faster  upstream  speeds  and 
the  ability  to  put  a  data  connection  on 
hold  to  answer  a  voice  call,  a  feature  often 
called  Internet  call-waiting. 

MCI  has  not  upgraded  its  network  to  sup¬ 
port  the  specification.  Sprint  has  upgraded 
its  network,  but  is  not  offering  v.92  features 
to  customers. 


■  BY  JIM  DUFFY 

Equipe  Communications  last  week  be¬ 
came  the  latest  Layer  2  core  multiservice 
switch  maker  to  unveil  software  that  en¬ 
ables  its  switch  to  function  as  a  label 
switching  router  in  a  Multi-protocol 
Label  Switching  backbone. 

Equipe  follows  Alcatel,  Cisco,  Marconi 
and  Nortel  in  adding  MPLS  to  its  Layer  2 
ATM  switches.  Lucent,  one  of  the  leading 
vendors  of  ATM  switches  to  carriers,  has 
stumbled  in  making  this  transition  by  can¬ 
celling  internal  projects  and  products,  but 
is  trying  again  through  a  partnership  with 
router  vendor  Juniper  Networks. 

The  LSR  capabilities  in  Equipe’s  Evail  3.0 
software  enable  the  company’s  E3200  core 
switch  to  set  up  MPLS  label  switched  paths 
(LSP)  as  the  backbone  links  in  a  multiser¬ 
vice  network.  The  E3200  already  performs 
native  ATM  switching  and  ATM/MPLS  inter¬ 
working;  LSR  now  brings  native  MPLS 
switching  to  the  platform,  Equipe  says. 

This  capability  is  aimed  at  incumbent 
Layer  2  service  providers  that  require  pre¬ 
servation  of  traffic  guarantees  and  opera¬ 
tional  visibility  for  high-margin  services 
such  as  ATM  and  frame  relay.  Though  in¬ 
cumbents  such  as  BellSouth  and  SBC  have 
selected  core  routers  as  the  foundation  of 
their  regional  and  national  MPLS  back¬ 
bones,  respectively,  Equipe  says  these  are 
IP-only  networks  and  that  carriers  will  es¬ 
tablish  a  parallel  switched  MPLS  back¬ 
bone  for  Layer  2/Layer  3  multiservice 
applications. 

“They  still  haven’t  come  to  the  conclu¬ 
sion  that  IP  backbones  will  be  multiser¬ 
vice,”  says  Joe  Whitehouse,  Equipe  director 
of  product  management.“They  have  yet  to 
commit  to  a  vendor  for  the  multiservice 


AT&T  is  ahead  of  its  two  main  competi¬ 
tors,  but  is  just  now  upgrading  its  dial-up 
points  of  presence  and  expects  to  have  the 
v.92  feature  available  nationwide  by  the 
end  of  next  week. 

Qwest  completed  its  upgrade  last  month, 
and  offers  v.92  features  to  business  and 
wholesale  ISP  customers. 

Level  3  Communication  was  the  first 
national  service  provider  (other  than  the 
defunct  NaviPath,  which  closed  its  doors  in 


2001)  to  upgrade  its  entire  network  to  v.92, 
in  2002.  But  Level  3  is  a  carrier’s  carrier  —  it 
does  not  sell  services  directly  to  enterprise 
customers. United  Online,  which  owns  Juno 
and  NetZero,  is  Level  3’s  only  national  ISP 
customer  offering  v92  features. 

About  60%  of  27  million  home-office 
users  access  the  Internet  via  dial-up,  ac¬ 
cording  to  IDC.  While  many  users  are  now 
adopting  cable  modem  and  DSL  services. 

See  v.92,  page  35 


Equipe  makes  piteh  for  MPLS  core 

Switch  maker  looking  to  entioe  inoumbent  Layer  2  servioe  providers  away  from  routers. 


A  difTerent  route 

According  to  Equipe,  a  switch- 
based  MPLS  core  provides  the 
foliowing  advantages  over 
a  router-based  network: 

•  Ability  to  interwork  ATM 
and  MPLS,  or  switch  both  in 
their  native  formats. 

•  Per-connection  traffic 
guarantees  and  operational 
visibility  for  all  traffic  types. 

•  Software  with  non-stop 
routing  and  forwarding  of 
ATM  and  MPLS  services. 


•  Virtual  circuit  and  label- 
switched-path  scalability 
required  for  the  core  of  a 
connection-oriented  carrier 
network. 

core  for  all  of  their  services.” 

BellSouth  is  initially  positioning  its  MPLS- 
enabled  BellSouth  Regional  IP  Backbone 
(BRIB),constmcted  with  Juniper  core  and 
Cisco  edge  routers,  as  an  enabler  of  traffic 
engineering,  enhanced  performance  and 
quality-of-service  for  IP  transport  and  ser¬ 
vices.  However,  BellSouth  plans  to  support 
Transparent  LAN,  ATM  and  Layer  2  VPN  ser¬ 
vices  on  BRIB  this  year,  and  Equipe  says  it 
has  tested  the  E32(X)’s  LSR  capabilities. 

European  carrier  Telefonica  also  has 
tested  the  E3200’s  LSR  implementation. 
However,  Equipe  has  not  received  any 
purchase  orders  for  the  product. 

SBC  has  said  it  hopes  to  use  the  national 
IP  network  it  is  building  for  all  its  data  ser¬ 
vices.  Equipe  might  view  the  situation  as  an 
opportunity,  but  others  might  suggest  it  is 


desperation  driven  by  a  market  for  MPLS 
cores  that  appears  to  favor  routers. 

“Equipe’s  positioning  is  not  significantly 
unique  from  those  of  other  multiservice 
switch  makers,  and  carriers  have  yet 
to  signal  conclusively  which  direc¬ 
tion  they  plan  to  go  in  terms  of  con¬ 
solidating  multiple  overlay  net¬ 
works,”  states  Joe  McGarvey  an  ana¬ 
lyst  at  Current  Analysis,  in  a  report  on 
Equipe’s  Evail  3.0.“After  four  years  in 
start-up  mode  without  an  announ¬ 
ced  customer,  Equipe  desperately 
needs  to  find  a  positioning  that  will 
resonate  with  carriers  and  evolve 
into  revenue.” 

Equipe  contends  it  has  the  optimal 
platform  for  converged  Layer  2/ 
Layer  3  cores  based  on  MPLS.  The 
E3200  offers  several  features  that 
routers  do  not,  Equipe  says,  includ¬ 
ing  native  switching  and  interwork¬ 
ing  of  ATM  and  MPLS,  per-connection 
traffic  guarantees,  non-stop  routing  and 
forwarding  of  ATM  and  MPLS  services, 
and  virtual  circuit  and  LSP  scalability 
For  instance,  routers  cannot  facilitate  the 
1-to-l  virtual  circuit-to-LSP  mapping, 
Equipe  says.  A  router  maps  an  entire  ATM 
port  to  an  MPLS  LSP  meaning  that  one  LSP 
carries  all  ATM  virtual  circuits. 

The  E3200  maps  real-time  virtual  circuits 
to  individual  LSPs,  while  best-effort  virtual 
circuits  are  combined  into  the  same  tunnel 
LSPln  this  way  delay-sensitive  traffic  would 
have  distinct  transmission  guarantees 
Routers  also  lack  native  ATM  switching 
and  control  planes;  everything  is  foi- 
warded  or  routed  as  packets.  This  could 
be  a  deterrent  to  carriers  seeking  a  more 
seamless  migration  from  ATM  to  MPLS, 
Equipe  says.B 
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EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


When  you  ask  telecom  executives 
how  they  plan  to  shore  up  their 
companies’  sagging  bottom  lines, 
the  answer  is  consistent;  managed 
services. 

In  theory,  that  sounds  great.  Outsourcing 
is  perennially  popular  with  IT  shops,  and 
never  more  so  than  now,  thanks  to  the  eco¬ 
nomic  downturn  and  continuing  pressure 
on  IT  departments  to  cut  costs  while  im¬ 
proving  services.  So  managed  services 
should  be  an  attractive  option  for  all  par¬ 
ties:  Telephone  companies  make  more 
money  and  improve  their  margins,  and  IT 
execs  save  money  and  offer  improved  ser¬ 
vices  to  internal  customers. 

But  there’s  a  catch.  IT  execs  and  telcos  are 
worlds  apart  when  it  comes  to  defining 
managed  services.  If  it’s  not  addressed 
upfront,  that  definition  gap  can  lead  to 
mutual  unhappiness  and  disappointment. 

What  do  1  mean?  IT  executives  are  mov¬ 
ing  toward  a  shared-services  delivery 
model.  This  means  IT  departments  take 
responsibility  for  delivering  not  only  the  in¬ 
frastructure  but  also  the  applications,  and 
in  some  cases  business  functions  that  en¬ 


Managed  services:  What's  next? 


able  a  particular  business  service. 

In  the  old  days,  IT  executives  delivered  a 
LAN-quipped  PC  to  each  user’s  desktop 
and  provided  a  network  in  good  working 
order.  Responsibility  for  transferring  data 
over  that  network  rested  with  the  user  (or 
more  accurately  the  line  of  business). 

These  days,  IT  takes  responsibility  for  en¬ 
suring  that  critical  networked  applications 
function  appropriately  —  meaning  that  a 
networked  accounting  application  delivers 
necessary  accounting  information  in  a  reli¬ 
able  and  timely  fashion. That  involves  a  far 
better  understanding  of  what  data  users 
need,  how  they’re  planning  to  use  that 
data,  and  where  it’s  stored. 

Service  providers  are  only  just  beginning 
to  make  the  leap  toward  understanding 
this  new  definition  of  service.  Most  telco 
executives  still  think  in  terms  of  managing 
and  monitoring  devices  on  an  end  user’s 
network.  That  definition  was  current  about 
10  years  ago  when  providing  a  managed 
frame-relay  access  device  service  was  con¬ 
sidered  cutting  edge,  but  it’s  now  obsolete. 

Managed  services  of  the  21st  century  en¬ 
compass  a  lot  more  than  devices.  For  ex¬ 
ample,  a  recent  study  conducted  by  my 
firm  found  that  100%  of  responding  IT  ex¬ 
ecutives  acknowledged  externalizing  at 
least  some  of  their  internal  resources  (data¬ 
bases,  e-mail  servers  and  other  applica¬ 
tions,  even  infrastructure).  Disturbingly, 


these  executives  lacked  a  policy  for  deter¬ 
mining  which  outsiders  could  gain  access 
to  what  —  let  alone  an  effective  implemen¬ 
tation  and  audit  trail  for  that  policy. 

A  managed  security  service,  therefore, 
should  include  creating  and  implementing 
effective  authorization  and  authentication 
policies,  providing  encrypted  access  to  ex¬ 
ternalized  resources,  and  auditing  that  ac¬ 
cess  to  deliver  a  historical  record  of  who 
saw  what. 

Fortunately,  some  service  providers  are 
showing  signs  of  seeing  the  light.  For  exam¬ 
ple,  managed-services  provider  Fiberlink  re¬ 
cently  announced  a  partnership  with 
Neoteris  (which  makes  appliances  that  pro¬ 
vide  management  and  control  of  Secure 
Sockets  Layer-based  VPNs)  through  which 
the  service  provider  will  deliver  managed 
remote-access  and  third-party  solutions. 

What  makes  this  offering  potentially  pow¬ 
erful  is  that  Fiberlink  has  historically  fo¬ 
cused  on  offering  bandwidth-independent 
services  and  is  looking  to  leverage  Neoteris’ 
strengths  in  policy-centric  security  to  de¬ 
liver  next-generation  managed  services. 

Stay  tuned  for  similar  partnerships  in  this 
market. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


V.92 

continued  from  page  33 

most  are  not  using  these  services  to  access 
their  corporate  LAN.  About  87%  of  users  ac¬ 
cess  their  corporate  LAN  remotely  via  dial¬ 
up,  while  67.5%  use  cable  and  59.8%  DSL, 
IDC  says.  The  numbers  are  based  on  the 
firm’s  WAN  Manager’s  Survey  of  500  net¬ 
work  executives,  some  of  whom  used  mul¬ 
tiple  options. 

So  why  would  carriers  ignore  this  appar¬ 
ent  opportunity? 

The  carriers  “look  at  all  of  their  activities 
and  how  much  money  they  have,  and  then 
prioritize  what  projects  come  first,”  says 
Michael  Suby,  an  analyst  at  Stratecast 
Partners.  “Some  don’t  view  this  as  the  best 
investment  in  terms  of  return  on  the  dollar, 
regardless  of  what  might  appear  to  be  a 
small  amount  of  work  [to  upgrade  their 
network] .” 

Even  though  millions  of  business  users 
depend  on  dial-up  occasionally  or  on  a 
daily  basis,  MCI,  which  operates  the  largest 
business  IP  backbone,  says  users  aren’t  in¬ 
terested  in  v.92. 

“We  have  not  seen  enough  benefit  to  jus¬ 
tify  upgrading  our  entire  network,”  a  com¬ 
pany  spokeswoman  says.  “We  have  sur¬ 
veyed  our  enterprise  customers  and  have 
not  seen  a  demand  for  this  service.” 

The  carrier  has  maintained  a  handsoff 
position  about  v.92  for  the  past  two  years. 

MCI  says  it  is  upgrading  parts  of  its  dial-up 
network  for  some  of  its  wholesale  ISP  cus- 


Dial-up  doittinance 

Of  the  27  million  home-office 
users  connected  to  the 
Internet,  a  majority  still 
connect  via  dial-up. 
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tomers,  but  v.92  service  support  might 
never  be  available  to  business  users. 

Sprint  says  it  just  finished  upgrading  its 
dial-up  POPs  with  new  Lucent  code  that 
fully  supports  v.92,  but  it  is  not  making 
those  features  available  to  any  of  its  cus- 
tomers.The  carrier  says  it  is  working  with  its 
largest  wholesale  ISP  customers,  including 
AOL,  EarthLink  and  MSN,  to  support  v.92 
features,  but  “it  is  not  as  easy  as  just  turning 
it  on  and  off,”  a  Sprint  spokeswoman  says. 
The  upgrade  is  aimed  at  benefiting  the  car¬ 
rier’s  wholesale  customers,  not  its  business 
users.The  carrier  has  no  plans  to  offer  v.92 
features  to  its  business  customers. 

AT&T  began  its  v.92  upgrades  June  16  and 
expects  to  finish  by  Aug.  15,  says  Rick 
Gretsch,  director  of  global  product  man¬ 


agement  for  IP  services  at  AT&T.The  carrier 
has  actively  tested  v.92  since  last  fall  when 
it  upgraded  a  small  portion  of  its  network 
to  support  the  ITU  standard.  The  carrier 
had  about  60  dial-up  access  numbers  that 
supported  v92  last  fall. 

Gretsch  says  the  carrier  moved  slowly  on 
v.92  for  a  few  reasons.There  were  delays  in 
“getting  clean  firmware  from  our  vendor 
and  then  we  took  some  time  to  test  the 
product.  And  there  also  wasn’t  the  same 
enthusiasm  around  v92  as  there  was  for 
V.90,”  he  says. 

The  ITU’s  previous  modem  standard,  v.90, 
offered  users  a  substantial  connectivity 
speed  increase  —  from  28.8K  to  56K 
bit/sec.  Like  v.90,  v.92  supports  downstream 
speeds  up  to  56K  bit/sec.  But  that’s  where 
the  similarities  end. 

V.90  modems  support  upstream  speeds 
of  33. 6K  bit/sec,  while  V92  modems  sup¬ 
port  upstream  speeds  of  48K  bit/sec. 
Initial  modem  negotiation  with  an  ISP’s 
access  concentrator  is  expected  to  be 
25%  faster  than  with  V90  modems,  and 
the  Internet  call-waiting  feature  has  not 
previously  been  available.  ■ 

More  online! 

Find  out  how  your  ISP  is 
faring  compared  with  its 
peers  with  our  latest  Top 
ISP  Report. 
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Visit  www.dell.conn/SAN4  and  go  to  the 
Dell  Storage  Consolidation  ROI  Analyst 
Tool  for  a  free  business  case  analysis  that 
clearly  outlines  the  best  storage  solution 
for  you.  From  needs  and  deployment 
to  enterprise-level  services,  Dell's 
comprehensive  storage  consolidation 
solution  will  help  you  determine  your 
organization's  exact  requirements,  and 
help  simplify  the  implementation. 


Or  call  1-866-871-9877  today  to  speak  with 
a  Dell  representative.  Together  you  can 
assess  your  situation  and  then  develop  a 
cost-effective  storage  solution  that  can 
improve  both  your  operations  and  your 
bottom  line. 
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Here  comes  home  control 

New  !P  services  help  mobile  and  remote  workers  monitor  the  home  while  away. 


■  BY  TONI  KISTNER 

Forget  The  Clapper  and  Bill  Gates’  house. 
The  first  wave  of  Internet-enabled  home- 
control  and  monitoring  services  are  in 
sight,  and  they’re  reasonably  priced,  stable 
and  truly  useful. 

Such  services  can  ease  a  variety  of  prob¬ 
lems  brought  on  by  remote  and  mobile 
work  styles,  and  improve  the  security  of  the 
corporate  home  office.  Mobile  workers  who 
spend  lengthy  periods  on  the  road  can  set 
up  lighting  routines  to  make  the  house  look 
active,  remotely  monitor  security  cameras, 
control  thermostats  to  conserve  energy  and 
monitor  the  water  heater  in  winter  to 
ensure  the  pipes  don’t  freeze. 

Remote  workers  who  live  in  residential 
areas  can  beef  up  security  with  a  camera 
at  the  front  door  they  can  monitor  from 
within  the  home  office,  and  motion  detec¬ 
tors  at  the  office  windows.  And  employees 
who  struggle  to  balance  work  and  family 
responsibilities  can  use  live  cameras  to 
ensure  the  children  come  home  from 
school,  that  the  cleaning  lady  came  as 
promised  or  a  package  was  picked  up  on 
schedule. 

The  market  had  a  false  start  around  2000 
when  Xanboo  and  BeAtHome  launched 
monitoring  services.  Xanboo  no  longer 
sells  products  in  retail,  and  BeAtHome 
was  acquired  by  Echelon,  the  leading 
player  in  industrial  remote  network  moni¬ 
toring.  Big  players  such  as  GE,  IBM, 
Microsoft  and  Sears  also  are  exploring 
home-control  technologies. 


Takes 

■  Eighty  percent  of  senior  executives 
expect  to  have  teleworkers  within  two 
‘  -Trs  ■  .r  from  54%  today,  according  to 
recent  AT&T  study  conducted  by 
t‘'  i  .  !V;ist  Intelligence  Unit.  Drivers 
'  ■'  t;  -  sharp  increase  include  better 
:  -  .v'  a, .  •-s.s.  improved  communica- 

u  V  .r  recsei; , A, bai  .ration  of  their 
.  . . '  ;  r:,  vvj  wcc  drrce.  cost-cutting 
«  -T  0;  ’c  pr?  ^ '  lowever,  ttie 
n  che'T.'cP  ^  l  to  telework 
!  Fx; .  L-i  fr.ifrO  tr>at  telework 


But  today  two  new  companies  to  watch 
are  Connected  Hearth  and  SecurityBroad- 
band.  Connected  Hearth  offers  a  combina¬ 
tion  of  security  and  home  control  services; 
SecurityBroadband  focuses  on  security 
but  plans  to  offer  control  services  as  cus¬ 
tomers  demand.  Both  companies  build 
their  service  around  a  gateway  device  that 
connects  to  the  broadband  modem  over 
Ethernet.The  gateway  connects  to  the  con- 


would  reduce  managers’  ability  to  moni¬ 
tor  and  control  work;  increase  security 
problems,  equipment  costs  and  opposi¬ 
tion  from  senior  management;  and  dam¬ 
age  companies’  corporate  culture. 

■  Iomega  and  Computer  Associates 

recently  agreed  to  partner  to  offer  a 
network -attached  storage  device  tar¬ 
geted  to  small  and  midsize  offices.  The 
Iomega  NAS  Backup  will  include  an 
Iomega  NAS  server  with  1.28  terabytes 
of  storage.  Software  includes  CA's 
Brightstor  ARCServe  Backup  9.0  for 
Windows  data  protection  software  and 
eTrust  Antivirus  7.0  for  Windows.  The 
product  is  expected  to  ship  this  month. 


trolled  devices  using  wires, X-10  power-line 
technology  radio  frequency  and  eventually 
802.11.  Neither  service  requires  a  dedicat¬ 
ed  PC,  a  drawback  of  earlier  offerings. Vicar 
Networks  sells  such  a  Windows-PC  based 
system  and  announced  in  April  it  had 
struck  a  deal  with  an  unnamed  service 
provider  to  launch  a  market  trial. 

John  Thorsen,  co-founder  of  Connected 
Hearth,  had  commuted  from  his  home  in 
New  York  City  to  a  weekend  home  in  the 
Hamptons  for  years.  Before  he’d  return  to 
the  city  Sunday  night,Thorsen  would  turn 
down  the  thermostat  to  50  degrees  and 
shut  off  the  water  heater.  But  every  Friday 
night  when  he  pulled  into  the  driveway,  a 
sense  of  dread  would  come  over  him;  Had 
the  house  been  broken  into?  Had  the 
heater’s  pilot  light  gone  out  or  the  pipes 
burst?  Even  if  nothing  had  happened,  it 
would  take  hours  for  the  house  to  warm 
up. When  he  couldn’t  find  a  remote  moni¬ 
toring  service  to  meet  his  needs,  the  for¬ 
mer  AppleScript  software  developer  and 
trainer  launched  Connected  Hearth. 

Today, Connected  Hearth  service  is  avail¬ 
able  in  the  Hamptons,  where  homes  aver¬ 
age  $1.7  million. The  basic  service,  which 
costs  $6,000,  includes  a  home  automation 
controller,  Internet  gateway  box,  cameras, 
motion  detectors  and  sensors.  Monitoring 


costs  $60  a  month. The  company  plans  to 
expand  its  service  nationally  by  Septem¬ 
ber  with  partner  Home  Automation. 

SecurityBroadband’s  Safe  Village  System 
offers  intercoms  and  video  cameras  that 
provide  live  IP  feeds  and  recorded  video 
at  15-second  intervals.The  set  up  includes 
an  alarm  panel  type  of  gateway  device, 
indoor  camera  with  motion  detector,  two 
window  or  door  sensors,  two  intercom  sta¬ 
tions,  keypad  and  siren. The  base  package 
costs  $499,  with  monthly  monitoring  for 
$40.  An  outside  camera  is  also  available. 
The  company,  launched  in  1999  by  former 
cable  executives,  has  rolled  out  service  to 
some  Cox  Communications  and  Comcast 
customers  in  Sarasota,  Fla.,  and  Las  Vegas, 
with  plans  to  expand  service  soon. 

Both  companies  offer  password-protect¬ 
ed  access  to  the  Web  site,  where  users  can 
monitor  activity  and  change  settings. The 
companies  can’t  access  customers’  Web 
pages,  and  SecurityBroadband  offers  a 
guest  user  account  that  can  be  configured 
with  an  expiration  date,  should  a  sub¬ 
scriber  want  to  turn  over  monitoring  con¬ 
trol  to  someone  else  in  their  absence.  If 
anything  goes  awry,  the  companies  con¬ 
tact  the  homeowner  via  phone,  and 
Connected  Hearth  also  sends  a  text-mes- 
Scige  notification.  ■ 


Controlling  forces 

Connected  Hearth’s  new  service 
offers  IP-based  device  monitoring 
and  control,  so  you  can  watch  over 
and  maintain  your  home  (and 
home  office)  remotely.  ^ 


O  Contrdld  devices  (xmned  to  the  Auton^^ 
different  ways.  Thermostats  and  security  equipment 
are  hard-wired;  appliances  are  hard-wired  or  connected 
using  X-10  power  line.  Lights  connect  via  X-10,  Echelon 
Lonworks  or  Microsoft  CEBus. 

o  In  the  basement,  the  Automation  Controller  is  installed 
near  the  thermostat  and  water  heater.  Optionally, 
the  controller  connects  to  a  security  company’s 
central  station  monitor  via  a  digital  communicator. 

0  The  gateway  links  to  the  Automation  Controller  using 
a  serial  interface.  The  gateway  connects  the  home’s 
devices  to  the  Connected  Hearth  Server  over  a 
broadband  connection. 

O  fhe  server  pings  the  controller  every  60  seconds 
checking  the  home’s  vital  stats.  Emergency  events 
are  reported  via  e-mail  and  text  messaging.  The 
gateway  communicates  with  the  server  hourly, 
broadcasting  the  IP  address  of  the  broadband  router. 
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Vi)  TECHNOLOGIES  AND  STANDARDS 
SHAPING  YOUR  NETWORK 


802.1 S  solves  architecture  issues 


■  BY  MICHAEL  WARD 

Network  managers  designing  Layer  2 
networks  have  long  relied  on  IEEE  802. ID 
Spanning  Tree  Protocol  to  provide  redun¬ 
dancy  while  ensuring  loop-free  connectiv¬ 
ity  among  multiple  network  bridges  and 
switches.  However,  the  combination  of 
802. ID  and  802. IQ  virtual  LANs  creates 
network-architecture  challenges. 

If  you  have  multiple  links  to  separate 
VLAN  traffic,  STP  could  disable  some  of 
those  data  paths.  802.  IS  Multiple 
Spanning  Tree  Protocol  solves  the  prob¬ 
lem  by  supporting  multiple  spanning 
trees  within  a  network.  The  standard  lets 
administrators  assign  VLAN  traffic  to 
unique  paths. 

Consider  a  network  configuration  of 
three  switches  that  are  fully  intercon¬ 
nected.  Within  the  network  are  two 
VLANs  with  IDs  of  10  and  20.  Switch  1 
has  VLAN  10  and  20  assigned  to  two 
unique  ports  on  the  switch  so  that  VLAN 
10  and  VLAN  20  traffic  flows  over  sepa¬ 
rate  links.  At  first  glance  this  appears  to 
be  an  ideal  configuration  to  load  bal¬ 
ance  the  traffic  over  the  two  VLANs  (see 
graphic).  However,  STP  is  running  on  all 
three  switches  in  this  network. 

With  S3  chosen  as  the  root  bridge,  STP 
will  block  the  link  between  Switches  1 
and  2.  When  this  occurs,  the  traffic  from 
VLAN  20  can’t  transverse  the  network.This 
problem  arises  because,  while  the  switch¬ 
es  treat  VLAN  10  and  20  as  complete  sep¬ 
arate  networks,  the  original  802. ID-based 
STP  treats  the  overall  topology  as  a  single 
network  because  it  doesn’t  have  the  con¬ 
cept  of  multiple  networks. 

One  solution  would  be  to  run  multiple, 
independent  copies  of  STP  known  as  a 


■  HOW  IT  WORKS 


802.1  S 

Using  multiple  virtual  LANs  creates  an  architectural 
challenge  because  802.1D  Spanning  Tree  could  disable 
some  of  those  links.  802.1S  solves  the  problem  by 
supporting  multiple  spanning  trees  within  a  network, 
allowing  several  unique  paths. 


Switch  1 


802.1D  network 
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VLAN  20 
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Switch  2 


witch  3:  Root 


O  Spelling  Tree  Protocol  elects  ©  Traffic  from  VLAN  10  ©  Traffic  from  VLAN  20  attempts 

Switch  3  as  the  root,  blocking  the  traverses  the  link  between  to  traverse  the  link  between 

link  between  Switches  1  and  2.  Switches  1  and  3.  Switches  1  and  2  but  is  blocked. 


O  Multiple  Spanning  Tree  Protocol  ©  MSTP  Instance  2  elects  ©  Traffic  from  VIAN  O  Traffic  from  VLAN 
(MSTP)  Instance  1  elects  Switch  3  Switch  2  as  root,  blocking  10  traverses  the  20  traverses  the 

as  the  root,  blocking  link  between  link  between  Switches  1  link  between  link  between 

Switches  1  and  2  for  VLAN  10.  and  3  for  VLAN  20.  Switches  1  and  3.  Switches  1  and  2. 


spanning-tree  instance,  on  the  switch.  But 
assigning  a  unique  spanning-tree  instance 
to  each  VLAN  isn’t  practical  because  this 
introduces  overhead  on  the  switches. 
What’s  more,  most  networks  don’t  need 
more  than  a  few  logical  topologies. 
Rather,  one  spanning-tree  instance  per 
desired  topology  should  suffice. 

For  multiple  devices  to  properly  interact 
they  must  be  aware  of  the  mapping  of 
VLANs  to  multiple-spanning-tree  in¬ 
stances.  In  large  enterprise  networks  there 
might  be  a  need  to  have  different  VLAN-to- 
MSTP  instances,  and  as  such  the  802. IS 
standard  accommodates  these  different 
mappings  through  the  use  of  multiple- 
spanning-tree  regions. 

Looking  back  at  the  initial  example,  you 
can  see  how  the  use  of  802.  IS  solves  the 
topology  problem.  If  you  assign  VLAN  10  to 
MSTP  Instance  Land  VLAN  20  to  MSTP  In¬ 
stance  2,  there  will  be  two  separate  span¬ 
ning-tree  topologies.  Switch  3  will  become 
the  root  bridge  for  Instance  1  and  will  block 
the  link  between  Switches  1  and  2. 

But  unlike  the  802. ID-based  scenario, this 
link  is  blocked  only  for  traffic  from  VLAN  10. 
Traffic  from  VLAN  20  can  traverse  this  link. 
Likewise,  MSTP  Instance  2  chooses  Switch  2 
as  its  root  bridge  and  blocks  the  link  from 
Switches  1  to  3  for  traffic  from  VLAN  20. 

By  assigning  VLANs  to  separate  span¬ 
ning-tree  topologies,  network  managers 
ensure  that  both  VLANs  can  traverse  a  net¬ 
work  appropriately  This  produces  the 
desired  effect  of  balancing  traffic  across 
the  networks  and  reveals  the  value  of 
802.  IS  MSTP  in  a  network  topology 

Ward  is  program  director  of  product  man¬ 
agement  for  LVL7  Systems.  He  can  be 
reached  at  mward@lvl7.com. 


Dr.  Internet  By  Steve  Blass 

Our  network  has  several  wireless  access  points, 
and  system  logs  show  unauthorized  users  have 
'‘borrowed"  our  Internet  connection.  What  can  we 
do  to  make  the  access  points  more  secure? 

Finding  wireless  access  points  is  a  matter  of  using 
a  traveling  wireless  client  system  to  sniff  for  wire¬ 
less  base  stations.  Some  utilities  identify  only  open 
access  points.  Others  exploit  the  connections  they 
find.  Maps  can  be  found  on  the  Internet  identifying 


“stumbled"  networks  in  most  major  metropolitan 
areas. 

First,  enable  Wired  Equivalent  Privacy  to  stop 
unauthorized  users  from  auto-connecting  to  your 
wireless  net.  This  is  only  the  first  step,  as  it  easily 
can  be  cracked  by  free  utilities  such  as  airsnort 
(airsnort.shmoo.com).  The  next  steps  include 
changing  the  default  Service  Set  Identifier,  dis¬ 
abling  SSID  broadcast  and  changing  the  default 
password  for  the  base  station.  Other  security 


tools  include  media  acqess  control-address  filter¬ 
ing,  installing  a  security  gateway  between  the 
wireless  access  point  and  your  wire-line  network 
and  directing  wireless-connection  attempts  to 
authenticate  against  a  RADIUS  or  VPN  server 
before  letting  traffic  pass  the  gateway. 

Blass,  a  network  architect  at  Change@Work  in 
Houston,  can  be  reached  at  dr.  internet® 
changeatiDork.  com. 
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More  Samba  steps 
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We’ve  been  discussing  Samba,  the 
open  source  freeware  implementa¬ 
tion  of  the  Server  Message  Block 
protocol,  and  last  week  we  established  a 
NetBIOS  session  between  a  client  and  a 
Samba  server.  Now  we  have  to  get  the  two 
ends  of  the  connection  to  agree  on  what 
variant  of  SMB  they  are  going  to  use. 

The  result  of  negotiating  which  protocol 
variant  to  use  always  is  determined  by 
whichever  end  uses  the  earliest  dialect  — 
that  will  be  the  protocol  variant  spoken. 

The  client  sends  the  SMB  command  for 
this  negotiation,  SMBnegprot,  to  the  server 
along  with  a  list  of  all  the  variants  the 
clients  can  speak.  The  server  replies  with 
an  index  value  that  indicates  which  entry 
in  the  client’s  list  of  variants  the  server 
wants  to  use.The  server  also  can  reply  that 
none  of  the  dialects  are  acceptable,  in 
which  case  the  connection  fails. 

Now  that  the  server  and  clients  have 
agreed  on  what  variant  of  the  protocol  to 
use,  the  client  must  set  the  session  parame¬ 


ters  using  the  SMBsesssetupX  command. 
These  parameters  include  the  work  group 
that  the  client  wants  to  join  (this  name  was 
found  by  browsing  the  NetBIOS  names 
from  the  name  server  before  the  NetBIOS 
session  between  the  client  and  server  was 
established);  the  account  name  and  pass¬ 
word  (if  required);  the  maximum  amount 
of  data  that  can  be  transferred  in  a  single 
response;  and  the  number  of  pending 
requests  that  can  be  queued. 

When  the  server  authorizes  the  connec¬ 
tion  it  returns  a  reply  that  includes  a  tree 
identifier  (TID).TheTID  can  be  thought  of 
as  a  handle  (or  pointer)  that  the  server 
allocates  to  identify  the  client’s  connec¬ 
tion  to  a  share. 

in  that  same  reply  is  the  ServiceType 
field,  which  is  A  for  a  disk  orfile,LPTi  fora 
spooler  such  as  a  print  queue,  COMM  for  a 
directly  connected  device  such  as  a 
modem  or  printer;  or  IPC  for  a  named  pipe. 

Digression:  Although  you  already  know, 
a  named  pipe  is  a  mechanism  for  passing 
data  from  one  process  to  another  using  a 
named  message  buffer,  and  it  runs  on  top 
of  NetBIOS.  Named  pipes  shouldn’t  be 
confused  with  regular  pipes  (denoted  by  I 
as  in  the  DOS  command  dir  I  more), 
which  redirect  the  standard  output  (std- 
out)  from  one  process  to  the  standard 


input  (stdin)  of  another. The  biggest  differ¬ 
ence  between  regular  and  named  pipes  is 
that  the  latter  can  connect  processes  run¬ 
ning  either  locally  to  each  other  or  on  dif¬ 
ferent  machines. 

Windows  equivalents 

Under  MS-DOS,defining  shares  and  delet¬ 
ing  them,  connecting  to  shares  and  check¬ 
ing  the  status  of  SMB  connections  is  done 
using  the  Net  command.  Under  Windows, 
all  the  functionality  of  the  Net  command 
essentially  is  embedded  in  Windows 
Explorer. 

So,  for  example,  clicking  on  Network 
Neighborhood  is  equivalent  to  running  the 
command  “NET  VIEW  /DOMAIN,”  which 
lists  all  the  visible  domains  (work  groups). 
If  you  then  click  on  a  workgroup  name  it  is 
equivalent  to  executing  “NET  VIEW 
DOMAIN:<domain_name>”  to  display  all 
the  constituent  computers.  If  you  then  click 
on  a  computer  name  to  show  all  available 
shares  it  is  the  same  as“NETVIEW\\<com- 
puter_name>.” 

Finally,  clicking  on  a  share  name  in 
Explorer  is  like  executing  “NET  USE 
<drive>:  \\<computer_name>\<share_ 

name>”.  Note  that  many  of  the  options 
available  under  the  Net  command  will  fail 
if  you  are  running  it  in  a  command  shell 
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under  Windows. 

There  are  a  few  differences  between 
using  a  Samba  server  and  a  Windows  serv¬ 
er.  First,  as  we  noted  last  week,  if  Samba  is 
your  primary  Windows  Internet  Name 
Service  server  it  can’t  synchronize  with 
Windows  secondary  WINS  servers  and  it 
can’t  be  a  secondary  WINS  server.  Second, 
Samba  doesn’t  support  Windows  NT 
domain  trust  relationships. 

Third,  Samba  can  act  as  a  primary  do¬ 
main  controller  for  clients  running  all  ver¬ 
sions  of  Windows  but  not  as  a  backup  do¬ 
main  controller.  Samba  doesn’t  yet  support 
Microsoft’s  Active  Directory  services  —  that 
is  planned  for  the  next  version  —  but  it  can 
function  in  a  mixed-mode  environment 
that  runs  Windows  Active  Directory  and 
Windows  NT  domains  simultaneously. 

The  current  version  of  Samba  is  2.2,  and 
you  can  download  source  and  binaries 
for  a  number  of  operating  systems,  includ¬ 
ing  AIX,  DigitalUnix,  Irix,  Linux  (Debian, 
Mandrake,  Red  Hat,  SuSE,  TurboLinux), 
SCOCaldera,  Novell,  Solaris  and  VMS.  Go 
to  www.samba.org  and  select  the  site  clos¬ 
est  to  you  —  the  download  link  will  be  on 
the  left  side  of  the  home  page. 

Next  week  well  get  Samba  running. 
Upload  thoughts  to  gearhead@gibbs.com. 


Cool 

Quick  takes 
on  high-tech  toys 
By  Keith  Shaw 


Summertime  is  pretty  busy  around  the  Cool  Tools  Testing 
Zone  —  there  doesn’t  seem  to  be  a  letup  in  the  number  of 
different  products  we’re  playing  with.  Here’s  the  latest: 


The  latest  from  the  lab 


surfing  history  to  remain  private,  take  a  look  at  this  soft-  j 

ware.  A  free  demonstration  version  is  available;  the  full  \ 

* 

version  costs  $50.  Go  to  the  WhiteCanyon  Web  site  for 
details. 


SecureCiean  4.0 

I’ve  always  thought  that  as  a  somewhat-knowledgeable 
computer  user,  I  could  just  delete  my  Web  surfing  activity 
via  the  tools  given  to  me  through  Microsoft’s  Internet 
Explorer.  Selecting  Internet  Options  from  the  Tools  menu 
item  lets  you  do  things  such  as  delete  cookies,  delete 
cache  and  clear  out  the  history  Three  clicks  and  you’d 
think  all  your  Web  activity  (including  credit  card  numbers 
and  passwords)  would  be  eliminated. 

You  would  think  that,  and  you’d  be  wrong. 

I  found  out  how  wrong  when  I  installed  SecureCiean 
4.0  from  WhiteCanyon  Software. The  software  includes  a 
scanner  program  that  searches  your  hard  drive  for  data 
you  thought  you  had  deleted.  The  SecureCiean  applica¬ 
tion  then  can  delete  the  data  from  your  system 
permanently 

Having  thought  I  had  scrubbed  my 
disk  through  the  methods  described 
above,  I  was  shocked  to  see  how 
mui'h  Web  surfing  activity  and  data 
was  still  on  the  computer.  If  you  have 
a  Windows  98  or  higher,  95  or  NT  sys¬ 
tem  YOU  are  donating  to  someone, or  lOGear  Phaser  Mouse 

,1  ius.  wan,  dau>  and  \Vfeb 


For  Trek'  and  PowerPoint  fans 

I’m  not  sure  whether  those  two  groups  can  co¬ 
exist,  but  on  the  off  chance  you’re  a  Star  Trek  fan 
and  a  big  FbwerFbint  user,you’ll  definitely  want  to  get 
the  lOGear  Phaser  Mouse.lt  looks  like  a  science-fiction 
ray  gun  with  a  trackball  on  the  top  for  your  thumb,  three 
buttons  (left,  middle  and  right)  surrounding  the  trackball, 
and  a  trigger  that  acts  like  the  left  mouse  button. 

The  Phaser  uses  a  radio  frequency  signal  (27.045 
MHz)  to  connect  to  its  base  station  (lOGear  says  it  has  a  50- 
foot  range),  which  connects  to  a  computer  via  USB.  Once 
the  Phaser  is  associated  with  the  base  station,  the  trackball 
acts  like  the  mouse  for  any  purpose. 

The  main  purpose  of  the  device  will  be  to  run 
PowerPbint  slide  shows,  as  the  trigger  button  acts  like 
the  forward  button  when  you’re  in  slide-show  mode.  In 
addition,  the  middle  button  below  the  trackball  acti¬ 
vates  the  laser  pointer.  Remember  kids,  don’t  shine  the 
laser  at  someone’s  eyes. 

Anyway,  the  Phaser  works  best  for  FbwerFbint  —  for  reg¬ 
ular  mousing  I  found  the  trackball  uncomfortable, 
but  it’s  possible  that’s  because  of  my  smaller 
hands.  The  Phaser  costs  about  $50  and  can 
be  found  at  the  lOGear  Web  site. 


Rnding  Wi-Fi 

From  the  “so  simple  it  hurts”  catego¬ 
ry  comes  the  Kensington  WiFi  Finder, 
a  $30  device  that  can  attach  to  your 


It's  easy  to  find  hot  spots  with  the  WiFi  Finder. 


key  chain. With  the  press  of  a  button,  the  device  blinks  and 
lets  you  know  whether  you  are  inside  a  location  that  has  a 
Wi-Fi  connection.  Green  means  good,  blinking  red  means 
nothing  or  still  scanning. 

The  device  won’t  indicate  what  the  Service  Set  Identifier 
of  the  wireless  network  is  —  but  it  will  give  relative  signal 
strength.  In  addition,  this  method  of  looking  for  a  hot  spot 
is  much  easier  than  booting  up  a  laptop,  or  even  a  PDA,  to 
see  if  Wi-Fi  exists.  It  is  slightly  larger  than  a  credit  card).  It  is 
small  enough, however, to  fit  inside  a  laptop  bag  and  won’t 
weigh  you  down  one  bit. 

The  WiFi  Finder  can  detect  802.1  lb  and  802.1  Ig  signals 
(in  the  2.4-GHz  range)  —  you’re  out  of  luck  if  you’re  look¬ 
ing  for  802.11a.  But  because  most  hot  spots  are  using 
802.1  lb,  this  shouldn’t  be  a  problem. The  Kensington  Web 
site  has  more  details. 


Shaw  can  be  reached  at  kshaw@nww.com. 


Need  more  network  connections? 
Need  security  and  reliability  in  your  infrastructure? 
Need  an  affordable  way  to  add  LAN  ports? 


Then  you  need  Network  Jack  from  3Com. 

Add  ports  where  and  when  you  need  them  with 
Network  Jack,  a  revolutionary,  "in  the  wall"  10/100 
switch.  Turn  a  single  port  LAN  wall  outlet  into  four 
Ethernet  ports  in  just  minutes.  With  Network  Jack  you 
avoid  the  hassle  and  expense  of  pulling  cables,  and  it's 
more  physically  secure  than  a  desktop  switch.  Network  Jack  is  available  in 
an  unmanaged  version,  and  a  managed  version  which  supports  port-based 
VLANs,  forwards  Power  over  Ethernet,  and  features  bundled  management 
utilities  with  patented  technology  that  make  troubleshooting  a  breeze.  With 
low  cost,  simple  installation,  and  great  features.  Network  Jack  is 
revolutionizing  edge  switching  technology.  To  learn  more  about  Network 
Jack,  visit  www.3com.com/NetworkJack. 


BEST  OF  INTEROP 
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O  2003  3Com  Corporation.  All  rights  reserved.  3Com  and  the  3Com  logo  are  registered  trademarks,  and  Possible  made 
practical  is  a  trademark  of  3Com  Corporation. 


"its  unique  design  enables 
us  to  affordably  install 
additional  ports  in  a 
fraction  of  the  time  and 
cost  previously  required." 

~  Tim  Feitntx  Supervisor  of  Telecommuniconor 
Cherokee  County  School  District 
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EDITORIAL 

Sandra  Gittlen 

Training: 

What  do  you 
want? 

Many  companies  are  well  into  the  third  year  of 

budget  restrictions,  which  makes  it  tough  to  stay 
ahead  of  the  learning  curve. 

One  way  to  keep  up  is  to  attend  free  Network  World 
seminars  that  examine  emerging  technologies.  So  far  this 
year,  our  tours  have  covered  voice  over  IRwireless  LANs 
and  storage.  Still  to  come  are  events  focused  on  develop¬ 
ments  in  WANs,  LANs  and  data  centers  (for  the  complete 
list,  head  to  www.nwfusion.com,  DocFinder:  7042). 

Regarding  the  latter,  in  September  we  launch  the  New 
Data  Center  Technology  Tour  as  a  direct  result  of  survey¬ 
ing  past  seminar  attendees  about  top  concerns.The 
response  that  kept  showing  up  was  the  need  to  consoli¬ 
date  resources  and  automate  tasks  without  compromis¬ 
ing  security. 

The  seminar,  led  by  Andrew  Schroepfer  of  Tier  1 
Research,  will  explore  how  to  re-architect  networks  to 
gain  efficiency. Topics  will  include  centralizing  resources 
such  as  servers  and  storage,  use  of  offload  devices  to  opti¬ 
mize  for  performance, security  options  and  tools,  and 
management  wares  that  provide  better  visibility  into  net¬ 
work  resources. 

Besides  Schroepfer’s  keynote  presentation,  the  event  will 
feature  presentations  by  Cisco,  Concord  Communications, 
EMC,  Force  10  Networks,  Foundry  Networks,  Inkra 
Networks,  Nauticus  Networks  and  NetScaler. 

This  and  the  other  seminars  will  take  us  deep  into  fall, 
and,  it  is  already  time  to  look  ahead  to  the  2004  schedule. 
That’s  where  you  come  in.  We  need  your  input. 

What  topics  would  you  like  to  see  addressed?  Some  of 
the  feedback  we’ve  received  already  called  for  more  of  a 
focus  on  managing  enterprise-wide  communications. 

So  we’re  putting  together  a  tour  called  Messaging  in  the 
Enterprise  scheduled  for  early  next  year  in  which  we  will 
address  pressing  issues,  including  getting  a  handle  on 
spam  and  allowing  access  via  wireless  devices. 

How  do  you  best  deal  with  unsolicited  email  and 
extend  support  to  mobile  devices  without  jeopardizing 
security? 

But  what  else  is  on  your  list?  What  technologies  are  you 
and  your  staff  wrestling  with?  And  what  learning  environ¬ 
ment  works  best  for  you?  Do  you  need  more  access  to 
your  peers  so  you  can  learn  from  their  experiences,  do 
you  want  to  hear  more  from  key  analysts,  or  do  you  prefer 
concentrated  vendor  presentations  that  help  you  quickly 
sort  through  the  options? 

Here’s  your  chance  to  request  the  training  that  best  suits 
your  needs.  E-mail  me  your  responses. 


—  Sandra  Gittlen 
Events  editor 
sgittlen  @nww.  com 


www.nwfusion.com 
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other  spam  fallout 

Regarding  Mark  Gibbs’  Backspin  column  “What 
spam  really  costs”  (www.nwfusion.com,  DocFinder: 
7025):  Don’t  forget  the  applications  made  impracti¬ 
cal  or  impossible  by  spam.  For  example,  is  your“mail 
received”  gong  still  on?  Do  you  read  your  spam 
directly  on  your  PDA,  without  filtering? 

We  have  many  small  bot-like  objects,  some  run¬ 
ning  on  mere  Intel  8051  microcontrollers.  E-mail 
used  to  be  a  practical  alerting  method  by  which 
these  could  scream  and  holler.  But  spam  noise 
makes  this  impractical. 

Bill  Clark 
Boulder,  Colo. 

Call  your  service 

Regarding  Edward  Horrell’s  column  “No  one  here 
but  the  sales  department”  (DocFinder:  7026); 
Horrell’s  experiment  illustrates  two  important 
points.  First,  there  is  a  severe  shortage  of  service  solu¬ 
tions  for  small  and  midsize  businesses  (SMB). 
Second,  the  call  centers  still  are  being  built  and 
operated  by  the  enterprise  for  their  own  business 
logic,  not  that  of  their  end  users. 

As  for  large  call  centers,  Horrell’s  suggestion  that 
they  should  call  their  own  service  number  to  expe¬ 
rience  what  their  users  go  through  is  right  on  the 
nose.  The  question  is,  what  action  they  will  or  can 
take  afterward.  Maybe  they  should  take  the  un-call- 
center  approach  —  one  in  which  service  people 
will  reach  out  and  contact  users  in  their  channel  of 
choice  once  a  request  is  initiated  and  won’t  give  up 
until  the  matter  is  resolved  satisfactorily 

Phong  Nguyen 
President 
LinkUpService 
L^s  Altos,  Calif. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Southtxirough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


Weighty  issue 

Regarding  Howard  Anderson’s  column,“Where’s  the 
war  dividend?”  (DocFinder:  7027):  I  can  tell  you  what 
will  catch  the  Pfentagon’s  eye.  Anderson  mentions  it 
in  his  column:  weight.  1  was  a  Marine  grunt  and  car¬ 
ried  an  M-60  when  1  was  in  the  service  30  years  ago. 
The  M-60  is  still  in  use  and  weighs  the  same,  and  so 
does  its  ammunition. You  can’t  do  much  to  reduce 
the  weight  of  the  bullet  or  the  gun  without  reducing 
its  effectiveness.  But  C  rations,  heavy  and  bulky,  have 
been  replaced  with  MREs.  Boots  have  been 
redesigned  and  reduced  in  weight. 

Our  industry  is  wide  open  in  this  area.  Can  you 
combine  a  Palm  Pilot  with  a  Global  Positioning 
System  and  attach  it  to  the  team  radio?  Can  every 
soldier  be  equipped  with  such  a  device?  Can  they 
be  made  inexpensively?  During  the  invasion  of  Iraq 
there  have  been  stories  about  soldiers  asking  their 
families  to  purchase  some  of  these  items  at  Radio 
Shack  and  ship  them  over. These  devices  are  lighter, 
smaller  and  easier  to  use  than  the  military  version. 

Rudy  Socha 
CEO 

WildlifeGifts.Com 
Lorain,  Ohio 

Having  been  an  Airborne  Ranger  infantry  soldier,  I 
am  disheartened  at  the  attitude  implicit  in  Howard 
Anderson’s  column,“Where’s  the  war  dividend?”The 
light-hearted  reference  to  Tang  does  not  mitigate  his 
inherently  greedy  and  shallow  view  of  our  world. 

It  is  obvious,  from  the  many  “how  to  invest  and  get 
rich  in  war-related  stocks”  television  programs,  that 
many  of  the  “patriotic”  investment  counselors  in  this 
nation  are  really  just  greedy,  parasitic  scum.  I  had 
hoped  that  Network  World  would  avoid  such  oppor¬ 
tunistic  feeding  upon  the  sincere  efforts  of  our 
troops  and  tech  industry  innovators. 

Kent  Morrison 
Steamboat  Springs,  Colo. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  7021 
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ON  THE  ROAD 

Joel  Snyder 


What  is  an  IPS,  anyway 


iiiMifklitlri 


During  Network  World’s  recent  Security 
Technology  Tour,  we  received  a  lot  of 
questions  about  intrusion-prevention 
systems.  The  problem  is  that  there  is  little 
agreement  on  what 
an  IPS  really  is. 

The  security  ex¬ 
perts  on  the  tour  agreed  on  one  thing:  An  IPS 
must  be  inline.  That  is,  packets  have  to  move 
through  the  IPS  to  prevent  intrusions.  While 
the  idea  of  resetting  connections  and  chang¬ 
ing  firewalls  is  a  good  interim  step,  enterprise- 
class  intrusion  prevention  will  require  that 
the  IPS  handle  packets,  dropping  them  when  something  is  wrong. 

A  second  assumption  about  IPS  is  that  it  is  a  “permissive”  technology 
In  other  words,  an  IPS  will  drop  a  packet  if  it  has  a  reason  to,  but  the 
default  behavior  is  to  pass  traffic  along.  In  contrast,  a  firewall  is  a  “pro¬ 
hibitive”  technology:  It  lets  a  packet  through  only  if  it  has  a  reason  to. 

Obviously,  firewalls  are  also  intrusion-prevention  devices.  Some  ex¬ 
perts  say  that  all  IPS  vendors  are  talking  about  is  what  firewalls  should 
be  doing.  But  the  difference  in  the  orientation  of  these  technologies 
suggests  that  they  are  not  the  same. 

More  importantly  because  they  are  different,you  can  use  a  firewall  or 
an  IPS  or  both  at  any  point  in  your  network.  At  the  perimeter,  it’s  rea- 
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sonable  to  expect  that  a  firewall  also  will  have  an  IPS  built  in.  But  at  the 
core  of  the  network,  inline  IPS  might  be  built  into  switches  and  routers. 

How  do  you  convince  purse  holders  to  buy  into  IPS?  There’s  no  easy 
answer  to  that.The“fear  factor”  approach  can  be  useful.  Make  the  deci¬ 
sion-makers  afraid.  Point  out  the  new  legisla¬ 
tion  regarding  liability.  And  perhaps  you’ll 
see  the  money  start  to  flow.  But  that’s  not  a 
long-term  solution. 

For  some,  an  IPS  can  be  justified  on  the 
“nuisance  factor”  instead.  By  blocking  the 
thousands  of  Code  Red  and  MS-SQL 
Slammer  attacks  coming  into  the  network 
every  hour,  the  load  on  the  firewall  is  light¬ 
ened,  the  Internet  connection  is  faster  and  the  Web  server  logs  are 
easier  to  analyze. 

For  others,  IPS  justification  will  have  to  be  part  of  a  larger  program 
of  security,  justified  on  the  basis  of  traditional  ROI  analysis. 

What’s  clear  from  tour  attendees  is  that  wrapping  a  firewall  around 
the  perimeter  is  no  longer  sufficient  to  meet  the  needs  of  modern  net- 
works.Technologies  such  as  IPS  need  to  be  pushed  into  the  network, 
not  just  at  the  edge,  but  throughout  the  entire  infrastructure. 

Snyder,  a  Network  World  Test  Alliance  partner,  is  a  senior  partner  at 
Opus  One  in  Tucson,  Ariz.  He  can  be  reached  at  Joel.Snyder@opusl .com. 
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The  problem  is 
that  there  is 
little  agreement 
on  what  an  IPS 
really  is. 


ABOVE  THE  CLOUD 

James  Kobielus 


olicy  infrastructure  is  the  “control  bus” 
that  harnesses  distributed  systems  to  en¬ 
terprise  requirements.  Policies,  admin¬ 
istered  centrally,  must  propagate  promptly, 
consistently  and  reliably  to  the  target  nodes 
and  services  where  they’ll  be  enforced. 

Real-time  policy  propagation  is  a  critical  re¬ 
quirement  of  dynamic  network  and  application  environments.  Com¬ 
panies  expose  themselves  to  unacceptable  security  risks  when  policy 
updates  don’t  flow  immediately  from  administration  tools  to  firewalls, 
proxies  and  other  policy-enforcement  points. 

Distributed  environments  can’t  become  self-policing  and  self-optimiz¬ 
ing  if  policy  traffic  lags  behind  the  traffic  it’s  supposed  to  control.  From 
a  security  standpoint,  the  objective  must  be  to  ensure  that  terminated 
employees  can’t  access  distributed  resources  before  their  permissions 
are  revoked,or  that  viruses  don’t  reach  their  targets  before  new  virus  pat¬ 
terns  propagate  to  those  nodes.  From  a  performance  standpoint, service- 
level  agreements  must  govern  run-time  interactions  among  distributed 
application  components,  thus  ensuring  that  end-to-end  latencies  and 
response  times  don’t  stretch  beyond  acceptable  thresholds. 

However,  expedited  policy  propagation  isn’t  always  easy  to  guarantee 
in  complex  netwotte.  Usually,  policies  and  policy-relevant  data  such  as 
user  identities  and  permissions  propagate  like  most  other  information 
on  enterprise  networks:  via  routed  IP  networks.  As  the  number  of  man¬ 
aged  resources  grows,  so  does  the  volume  of  traffic  associated  with 
managing  those  resources  and  enabling  basic  security  operations  such 
as  authentication,  authorization  and  content  filtering.  This  traffic  can 
choke  networks  that  haven’t  been  optimized  to  prioritize  delivery  of 
policy  updates  to  distributed  nodes,  such  as  firewalls,  proxy  servers, 
intrusion-detection  devices,  anti-spam  gateways  and  desktops. 

Companies  should  be  able  to  run  policy,  identity  and  security  ad¬ 
ministration  traffic  over  message-oriented  middleware  (MOM)  envi¬ 
ronments.  MOM  services  can  ensure  reliable,  guaranteed,  end-to-end 
delivery  between  applications.  But  sadly,  no  MOM  protocol  standard 
has  ever  been  implemented  on  all  operating  platforms  and  applica¬ 
tions  environments,  so  the  necessary  middleware  fabric  for  acceler¬ 
ated  policy  traffic  doesn’t  exist. 


Prioritized  policy  routing  needed 


Expediting  policy  propagation  is  especially  difficult  in  Web  services 
environments.  No  MOM  protocol  has  yet  been  implemented  in  pro¬ 
duction  mode  in  the  fast-developing  Web  services  arena.  Simple  Object 
Access  Protocol  (SOAP),  with  its  long  latencies  and  lack  of  delivery 
guarantees,  is  not  the  ideal  transport  for  pushing  policy  identity  and 
permission  updates  across  Web  services  environments  in  real  time.The 
Web  services  world  won’t  have  a  reliable,  deterministic  messaging  pro¬ 
tocol  until  vendors  implement  proposed  standards  such  as  Web  Ser¬ 
vices  Reliable  Messaging,  which  leverages  and  extends  SOAP 

The  Web  services  control  bus  will  become  congested  and  in  need  of 
prioritized  policy  routing.  The  volume  of  SOAP-encapsulated  policy 
traffic  will  keep  expanding.  Just  look  at  the  range  of  SOAP- 
oriented  identity  security  and  policy  standards  that  have  been  devel¬ 
oped.  If  you  want  to  see  the  emerging  outlines  of  the  Web  services 
control  bus,  consider  specifications  such  as  Security  Assertion 
Markup  Language,  Web  Services  Security  and  Service  Provisioning 
Markup  Language. 

Network  planners  should  factor  requirements  for  prioritized  policy 
routing  into  their  Web  services  middleware  planning.To  accelerate  pol¬ 
icy  traffic,  companies  will  rely  on  content-based  SOAP  routers  from  var¬ 
ious  vendors,  including  Actional,  AmberPoint,  Blue  Titan  and  Data- 
Fbwer  Technology  Most  of  these  vendors’  application-layer  routers  are 
deployed  as  proxies  to  various  enterprise  application  servers. 

Ask  your  identity  security  and  policy  management  vendors  whether 
they  plan  to  integrate  with  any  of  these  third-party  application-layer 
routers  or  implement  prioritized  SOAP  routing  functionality  into  their 
products.  Unfortunately,  few  security  vendors  have  considered  this 
issue  in  a  coordinated  fashion.  But  they  will  need  to  do  so  soon. 
Prioritized  policy  routing  is  essential  to  the  governance,  effectiveness 
and  scalability  of  complex  Web  services  security  environments.  With¬ 
out  it,  networks  will  become  riddled  with  vulnerabilities  caused  by 
inconsistent,  lagged  application  of  policy  updates  across  diverse,  dis¬ 
persed  nodes. 


Prioritized  pol¬ 
icy  routing  is 
essential  to  the 
governance, 
effectiveness 
and  scalability 
of  complex  Web 
services  security 
environments. 


Kobielus  is  a  senior  analyst  with  Burton  Group,  an  IT  advisory  ser¬ 
vice  that  provides  technology  analysis  for  network  planners.  He  can  be 
reached  at  (703)  924-6224  or  jkobielus@burtongroup.com. 
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Elmer  won  second  place 
in  a  gardening  contest. 

He  got  a  bag  of  seeds  and  a 
backyard  full  of  plastic  flamingos. 
You’re  flying  high  now  Elmer. 


Nothing  beats  number  one. 


RETINA®  The  #1  Rated  Network  Security  Scanner 

^Superior  Vulnerability  Assessment  &  Remediation 

Would  you  trust  the  security  of  your  network  to  anyone  but  the  industry  leader?  Introducing 
'  Retina.' the  industry's  #1  rated  vulnerability  assessment  solution  from  eEye  Digital  Security. 
Retina  uses  non-intrusive  tests  to  assess  your  network,  accurately  identify  weakness  and 
provide  comprehensive  detail  to  enable  complete  remediation.  Take  control  of  your  network  and 
let  Retina  simplify  your  risk-reduction  process.  Because  nothing  beats  number  one. 

FREE  RETINA  Trial  Version  and  Whitepaper:  www.eeye.com/free 
or  Call  1.866.282.8276  For  More  Information 
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Vulnerability  is  over. 
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NETWORK  COMPRESSION  DEVICES 

Supersizing  existing  WAN  connections 

■  BY  CURTIS  FRANKLIN  AND  GREG  GODDARD,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 

Squeezing  10  pounds  of  data  into  an  existing  5-pound  connection  can  save 
a  lot  of  money  Network  data  compression  is  becoming  so  commonplace 
that  router  vendors  have  begun  including  limited  compression  features  — 
such  as  TCP/IP  header  compression  —  in  most  models.  However,  for  maxi¬ 
mum  compression  performance  that  can  be  tailored  to  fit  your  specific  traffic  pat¬ 
terns,  you  should  consider  dedicated  network  compression  devices. 


We  tested  five  systems  —  from  Boost- 
Works,  Expand  Networks,  ITWorx,  rack¬ 
eteer  and  Peribit  Networks  —  to  see 
how  they  compressed  data  through  a  lim¬ 
ited  network  connection  and  what  the 
deployment  and  management  costs 
amount  to. 

All  products  go  well  beyond  shrinking 
packet  headers  by  also  significantly  com¬ 
pressing  the  packet  payload.  In  our  FTP 
testing,  we  achieved  as  much  as  a  400% 
performance  gain,  which  represents  a 
best-case  compression  scenario. 

The  performance  gains  from  these 
products  heavily  depend  on  the  traffic 
types  and  flows  running  across  a  network 
(see  how  we  set  up  our  lab  at  www.nw 
fusion.com,  DocFinder:  7028.)  Your  mile¬ 
age  definitely  will  vary 

Within  the  broad  category  of  “network 
compression,”  the  vendors  found  many 
ways  to  squeeze  data  into  a  standard 
pipe.  The  major  differences  lie  in  how 
compression  is  defined  and  what  traffic 
is  compressed. 

The  algorithms  these  products  use 
depend,  broadly,  on  one  of  two  tech¬ 
niques:  redundant  string  compaction 
and  replacement  dictionary  lookup.  Re¬ 
dundant  string  compaction  replaces 
strings  of  repeated  characters,  or  strings 
with  regular  patterns,  with  smaller  re¬ 
placements  and  reconstruction  instruc¬ 
tions.  Dictionary  lookup  also  targets  re¬ 
peating  strings  and  patterns,  but  instead 
of  inserting  compacted  replacement 
strings,  lookup  keys  pointing  to  dictio¬ 


nary  entries  are  inserted  into  the  traffic 
stream. 

Compression  algorithms  have  a  signifi¬ 
cant  effect  on  performance,  but  larger 
differences  center  on  whether  compres¬ 
sion  is  applied  to  all  traffic  or  only  traffic 
from  a  particular  source,  and  how  much 
of  the  overall  network  traffic  stream 
already  is  compressed. 

All  products  except  BoostWorks’  at¬ 
tempt  to  compress  all  network  traffic, 
unless  a  setup  parameter  has  exempted  a 
particular  type  of  traffic  or  traffic  from  a 
particular  address. 

The  BoostWorks  product  attempts  to 
compress  only  particular  types  of  traffic, 
such  as  HTTR  Simple  Mail  Transfer 
Protocol  (SMTP)  or  specific  application 
transactions.  Its  designers  are  banking  on 
the  assumption  that  most  enterprise  traf¬ 
fic  falls  into  one  of  the  targeted  patterns. 

It  also  makes  a  difference  on  complexi¬ 
ty  whether  compression  is  unidirectional 
(from  server  to  client,  for  example,  where 
a  network  compression  device  acts  as  a 
server  and  compresses  specific  types  of 
traffic,  and  decompression  occurs  on  the 
client)  or  bidirectional  (end-to-end, 
where  a  compression  device  sits  on  both 
ends  of  the  network  segment  to  handle 
compression).  All  products  in  this  review 
support  bidirectional  compression. 
BoostWorks  also  supports  unidirectional 
compression. 

Most  devices  pay  close  attention  to  the 
TCP  port  from  which  the  traffic  origi¬ 
nates,  although  Packeteer  also  considers 


FTP  performance 

In  our  tests  of  FTP  performance, 
transfer  times  for  a  146M-byte 
Linux  kernel  file  sent  through  a 
compression  device  was  reduced 
significantiy  compared  with  an 
uncompressed  file.  Over  a  512K 
bit/sec  frame  relay  connection, 
an  uncompressed  fiie  took 
approximateiy  39  minutes  to 
compiete. 

Compression  device 

Time 

ITWorx 

9:39 

BoostWorks 

9:57 

Expand 

10:31 

Packeteer 

11:10 

Peribit 

19:10 

information  from  the  packet  header. 

Most  products  —  except  those  from 
BoostWorks  and  ITWorx,  which  don’t 
compress  User  Datagram  Protocol  (UDP) 
traffic  —  could  compress  voice-over-IP 
(VoIP)  traffic  we  threw  at  them  by  20%  to 
25%.  In  our  FTP  tests, a  146M-byte  uncom¬ 
pressed  copy  of  the  Linux  kernel  took  39 
minutes  to  transfer.  When  we  used  com¬ 
pression  devices,  transfer  times  shrank  to 
between  less  than  10  minutes  up  to  just 
over  19  minutes  (see  graphic, above). 

If  data  passing  across  the  network  is 
repetitive,  caching  effectively  can  reduce 
the  amount  of  traffic  passing  through  the 
network  —  Expand  and  Peribit  support 
caching.  When  we  threw  a  pre-com- 
pressed  2M-byte  file  at  Peribit’s  box,  the 
first  and  second  times  yielded  a  transfer 
time  of  34  seconds.  The  third  time 
around,  the  same  file  took  two  seconds. 
Expand’s  box  exhibited  similar  behavior. 
This  sort  of  caching/reduction  would 
benefit  an  enterprise  link,  where  copies 
of  the  same  file  are  being  sent  around 
through  e-mail  or  FTP  transfers. 

Packet  aggregation  effectively  joins 
small  LAN  packets  into  jumbo  packets  to 
reduce  header  overhead  costs.  This  can 
be  important  on  satellite  links,  where  net¬ 
work  latency  on  one  side  of  the  connec¬ 
tion  is  a  factor.  While  packet  aggregation 


had  a  significant  effect  in  our  UDP  per¬ 
formance  tests  (changing  packet  aggre¬ 
gation  timing  values  increased  perfor¬ 
mance  greatly),  network  managers 
should  consider  whether  to  apply  packet 
aggregation  to  UDP  traffic  because  the 
process  can  have  an  adverse  effect  on 
latency  Most  of  the  products  tested  sup¬ 
port  packet  aggregation.  Packeteer  and 
Expand  let  you  configure  their  devices  to 
support  this  feature  while  ITWorx  and 
Peribit  support  it  transparently  to  the 
user. 

BoostWorks  BoostEdge 

Where  the  other  systems  in  our  tests 
are  designed  to  compress  traffic  moving 
between  segments  of  enterprise  net¬ 
works,  making  the  most  of  large  leased 
data  connections,  BoostWorks  also  can 
work  on  a  more  common  data  connec¬ 
tion  —  between  the  server  and  remote 
client.  Rather  than  creating  tunnels  be¬ 
tween  appliances,  BoostWorks’  Boost- 
Edge  system  can  be  deployed  using  one 
appliance  together  with  a  software 
client  on  the  remote  system.  In  this  con¬ 
figuration,  the  BoostEdge  is  a  unidirec¬ 
tional  system,  compressing  FTP  HTTP 
SMTP  and  Secure  Sockets  Layer  (SSL) 
traffic  sent  from  the  server.  The  system 
also  can  be  deployed  without  a  software 
client,  but  in  this  mode  only  HTTP  traffic 
is  compressed. 

By  focusing  on  specific  traffic  types, 
BoostWorks  achieved  solid  results,  post¬ 
ing  the  second  highest  results  we  saw  in 
transferring  a  large,  uncompressed  file 
via  FTP  Getting  to  these  results  was  sim¬ 
ple  with  the  BoostWorks  system  —  taking 
the  system  out  of  the  box  to  have  it  yield 
functional  acceleration  took  only  a  mat¬ 
ter  of  a  minutes. The  client  loaded  easily 
onto  a  laptop  system  and  operated 
essentially  invisibly  The  FTP  test  was  the 
only  test  we  could  complete  because  of 
the  nature  of  the  system. 

Depending  on  the  model,  the 
BoostEdge  can  support  up  to  8(J,0(K) 
established  connections  and  an  input 
bandwidth  of  42M  bit/sec. 

BoostWorks  has  a  Web-based  manage¬ 
ment  interface  that  provides  statistics  oi’ 
traffic  and  compression,  and  a  mech  ;• 


Compression  name  game 

Whiie  aii  the  products  we  tested  use  a  mix  of  redundant  string 
compaction  and  replacement  dictionary  iookup  compression  techniques, 
each  vendor  puts  its  own  spin  on  the  name  and  the  impiementation. 

Vendor 

Compression  scheme 

White  paper  link 

BoostWorics 

gzip-based 

www.nwfiJSion.com,  DocFinder:  7030 

Expand 

Enterprise  Caching  Technology 

DocFinder:  7031 

ITWorx 

Adaptive  Connection  Compression  and 
MiAiplexing  at  Layer  5 

DocFinder:  7032 

Packeteer 

Application-intelligent  Compression 

DocFinder:  7033 

Peribit 

Molecular  Sequence  Reduction 

DocFinder:  7034 

^  MOBILE 
TECHNOLOGY 
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System  Features; 
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Are  SSL-based  VPNs  a  better 
bet  than  IPSec  VPNs? 


Two  industry  experts  debate  the  strengths  and  weaknesses  of  SSL  and  IPSec  VPNs. 


Yes,  by  Chris  Hopen 


ecure  Sockets  Layer  VPNs  are  the  superior  option  for  secure  “anywhere” 
remote  access.Why?  SSL  VPNs  let  companies  extend  secure  remote  access  to 
more  people,  places,  devices  and  network  resources  than  traditional  IP 
Security  VPNs,  while  lowering  deployment  and  support  costs.  Enterprise-ready 
SSL  VPN  technology  is  becoming  the  de  facto  standard  for  secure  anywhere 
remote  access  for  a  range  of  reasons.  Here  are  just  a  few: 

•  SSL  VPNs  provide  strong  security  for  remote  access.  IPSec  VPNs  create  a  tunnel 
between  two  points,  providing  direct  (non-proxied)  access  and  visibility  to  the  entire 
network:  once  the  tunnel  is  created, it  is  as  if  the  user’s  PC  was  physically  on  the  corporate 
LAN.This  method  creates  various  security  risks,  especially  if  the  user  has  restricted  access 
privileges.  SSL  VPNs  provide  a  secure,  proxied  connection  just  to  the  resources  that  the 
user  is  authorized  to  access.  As  a  result,  users  never  have  a  direct  network  connection, 
which  is  safer.  Split  tunneling  —  the  ability  for  an  end  user  to  have  access  to  the  Internet 
and  internal  corporate  resources  simultaneously  —  is  controllable  with  SSL  VPNs.  In  addi¬ 
tion, SSL  VPNs  provide  detailed  access  control,  making  it  easy  to  give  different  access  priv¬ 
ileges  to  different  users.This  precise  access  control  is  often  impossible,  or  at  best  difficult, 
and  scales  poorly,  with  a  remote-access  IPSec  VPN. 

•  SSL  VPNs  do  not  require  complex,  intrusive  clients.  This  makes  them  easier  to  install 
and  support,  which  leads  to  significant  cost  savings.  SSL  is  pre-installed  on  every  major 
browser,  making  SSL  VPNs  a  clientless  solution.  IPSec  VPNs  require  a  device-specific  client 
installation  on  the  remote  end-user  side  of  the  secure  tunnel,  which  is  often  difficult  and 
in  some  cases  impossible  to  implement  on  external,  non-corporate-controlled  devices.  In 
addition,  these  clients  become  an  ongoing  burden  to  keep  up  to  date. 

•  SSL  VPNs  can  extend  anywhere  remote  access  to  a  larger  range  of  locations  and  net¬ 
work  resources  from  more  Internet-enabled  devices.  SSL  VPN  communications  ride  on 
top  of  standard  TCP/User  Datagram  Protocol  (UDP)  transports,  enabling  SSL  VPNs  to  tra¬ 
verse  network  address  translation  (NAT)  devices,  proxy-based  firewalls  and  stateful 
inspection  firewalls.  This  ability  makes  anywhere  access  possible  even  from  behind  a 
proxy-based  firewall  on  another  company’s  network  or  on  broadband  connections. 
IPSec  VPNs  frequently  can’t  support  complex  networks  because  they  struggle 


No,  by  Brian  Feng 


with  firewall  traversal,  IP  address  conflicts  and  NAT.  In  addition,an  SSL  VPN  pro¬ 
vides  access  from  corjX)rate-managed  devices  and  unmanaged  devices, 
such  as  home  PCs  and  Internet  kiosks.  With  IPSec  client  issues,  an  IPSec  VPN 
is  practical  only  from  managed  or  fixed-location  devices. 

As  remote-access  demands  have  snowballed,  remote-access  IPSec  VPNs  are 
too  limited  in  the  access  they  can  provide, as  well  as  too  costly  to  administer  and 
support.  IPSec  continues  to  be  the  best  solution  for  site-to-site  connections. 

Howexer,  when  it  comes  to  providing  secure  anywhere  remote  More  online! 

access,  SSL  VPNs  are  a  better  alternative.  Log  0(1  to  Network  World  Fusion  to  vok*  your  opinion. 

face-off  authors  Chris  Hopen  and  Brian  Feng  will  add 

Hopen  IS  C7D  ofAventail,  an  SSL  VPN  vendor  in  Seattle.  He  can  be  thoughts  to  the  discussion. 

reached  chopen@aiientail.com.  DocFinder.  7022 


P  Security  VPNs  remain  the  best  choice  for  connecting  multiple  private  networks 
over  the  Internet.  IPSec  operates  at  the  network  layer,  securing  all  data  between 
endpoints,  regardless  of  application.  It  “virtually”  puts  remote  clients  on  the  corpo¬ 
rate  network,  thus  enabling  all  rights  and  functionality  that  users  would  have  if  they 
were  in  the  office. 

Secure  Sockets  Layer  users  are  limited  to  applications  that  can  be  accessed  from  a  Web 
browser.  This  is  fine  for  newer,  Web-based  business  software,  but  it  prevents  users  from 
accessing  non-Web  applications,  and  complicates  functions  such  as  file  sharing,  sched¬ 
uled  file  backups  and  automated  file  transfers. You  can  add  support  for  non-Web  appli¬ 
cations  with  upgrades,  patches,  SSL  gateways  and  other  workarounds,  but  they  tend  to  be 
expensive  and  complicated  to  implement.  IPSec  VPNs  give  users  access  to  the  resources 
that  are  available  on  the  corporate  network  regardless  of  whether  they  are  Web-based,  and 
is  the  best  solution  for  programs  that  require  two-way  automated  communication. 

SSL  is  gaining  popularity  because  it  is  relatively  easy  to  deploy  and  does  not  require  a 
software  client  to  establish  a  VPN  connection.  Allowing  users  to  access  corporate  appli¬ 
cations  from  any  Internet  terminal  with  an  SSL-enabled  Web  browser  has  a  certain 
amount  of  appeal.  However,  giving  users  access  to  corporate  networks  via  unsecured 
computers,  which  might  be  susceptible  to  keystroke-logging  software  and  Trojan  horses, 
also  is  a  security  risk. 

IPSec  VPNs  require  remote-access  clients  to  have  properly  installed  and  configured 
IPSec  client  software  or  an  access  device.  This  provides  a  higher  degree  of  security 
because  access  is  limited  to  specific  access  devices, software  clients,  user  authentication 
mechanisms  and  pre-defined  security  associations. 

Administrators  can  expect  to  expend  some  effort  to  roll  out  IPSec  client  software. 
However,  rollouts  are  easier  than  they  were.  IPSec  clients  that  can  be  “silently  installed” 
without  any  necessary  user  intervention  are  available. The  VPN  server  can  simplify  setup 
for  both  the  administrator  and  end  user  by  automatically  installing  and  configuring  the 
client  package  on  the  end  user’s  access  device. 

IPSec  and  SSL  VPN  technologies  have  strengths  and  weaknesses.  IPSec ’s  ability  to  deliver 
complete  network-layer  connectivity  makes  it  the  best  option  for  securely  con¬ 


necting  multiple  private  networks.  While  SSLs  clientless  structure  is  well- 
suited  for  connecting  remote  users  to  Web-based  corporate  applications 
from  basically  any  Web  browser,  it  presents  some  security  risks  when  users 
are  working  at  public  Internet  stations.  IPSec  software  clients  require  some 
effort  to  install,  and  IF*Sec  does  not  allow  access  from  public  Internet  stations, 
but  it  does  provide  secure  access  to  Web-based  and  non-Web  applications.  For 
IT  administrators,  it  comes  down  to  choosing  which  trade-offs  to  make  when 
designing  a  VPN  strategy  that  best  meets  their  needs. 


Feng  is  vice  president  of  engineering  at  ZyXEL  Communications,  a 
global  provider  of  broadband  access  products  in  Placentia,  Calif  He 
can  be  reached  at  bfeng@zyxel.com. 
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Spenders  and  savers 

Analyzing  your  peers’  IT  investnnent  styles  can  help  bring  greater  returns, 


■  BY  TOM  PISELLO 

IT  spending  is  still  under  intense  scrutiny  as  companies  continue  to 
shrink  expenses  and  tighten  their  belts.  Factor  in  new  legislation 
such  as  the  Sarbanes-Oxley  act,  which  requires  companies  to  report 
investments  that  might  affect  operating  performance,  and  budget 
battles  are  shaping  up  to  be  ugly 


Today’s  IT  leaders  must  prove  that  IT 
investments  deliver  strategic  and  competi¬ 
tive  advantage.  The  results  of  IT  spending 
should  be  measurable  in  key  financial  met¬ 
rics  and  ratios,  such  as  improved  revenue 
growth,  increased  profitability  and  lower 
overhead. 

Planning  teams  need  to  look  outside  to 
the  company’s  peers  to  determine  whether 
progress  is  being  made  on  the  competitive 
landscape. You  might  choose  peers  for  this 
comparison  based  on  industry  business 
model,  revenue,  geography  or  number  of 
employees. 

Examining  spending  practices  of  group 
leaders,  or  those  with  the  highest  value  and 
spending  efficiency,  can  reveal  how  to 
adjust  spending  levels  and  invest  more 
effectively  to  gain  greater  ROl.  On  the  flip 
side,  comparisons  against  a  group’s  poorest 
performers  show  what  practices  to  avoid. 

To  compare  your  firm  to  peers,  determine 
if  there  is  any  correlation  between  overall 
financial  performance  and  IT  spending. 
This  comparison  requires  researching  key 
performance  metrics,  many  of  which  are 
available  from  annual  reports  and  lOK  fil¬ 
ings.  For  detailed  IT-spending  information 
on  specific  companies,  you  could  use  a 
software  tool  that  contains  a  peer-compari¬ 
son  database,  subscribe  to  analyst  bench¬ 
marking  services  or  seek  out  an  account¬ 
ing  consultancy. 

Use  the  average  of  the  peers  as  the  de¬ 
marcation  to  evaluate  the  relationship  of  IT 
spending  vs.  performance,  categorizing 
each  company  within  one  of  four  quad¬ 
rants,  classified  by  leaders  and  followers: 

Frugal  leaders:  These  companies  spend 
less  than  their  peers  on  IT  and  derive  high¬ 
er  impact  from  their  lower-than-average 
spending.They  often  aren’t  innovators  in  IT 
investments;  rather,  they  take  a  wait-and-see 
approach,  investing  in  new  technologies 
as  they  mature.  They  frequently  have 
more-established  processes  than  their 


peers.  In  tight  markets,  frugal  leaders  have 
proven  to  be  the  best  performers  —  being 
adept  at  scaling  down  spending  to  meet 
revenue  slowdowns  while  still  maintain¬ 
ing  profitability 

Unless  these  companies  misstep,  their 
leadership  position  is  secure.  The  biggest 
danger  is  if  the  market  grows  or  shifts  dra¬ 
matically  they  could  lose  significant 
ground  and  market  share  by  not  investing 
quickly  enough.  Frugal  leaders  must  moni¬ 
tor  their  mix  of  IT,  and  spend  more  when 
product  life  cycles  dictate  and  growth 
opportunities  emerge. 

They  should  continue  to  spend  on  inno¬ 
vative  projects  such  as  Web  services,  wire¬ 
less  and  business  intelligence. 

Investing  leaders:  These  firms  spend 
more  than  their  peers  on  IT,  but  their  IT  and 
other  business  investments  still  pay  off. 
They  tend  to  have  higher-than-average  bud¬ 
gets  for  innovative  projects  or  short-term 
initiatives  to  reinvent  the  business  or 
process  change  using  technology  In  gener¬ 
al,  their  goal  is  to  improve  competitive  posi¬ 
tioning  with  strategic  spending. 

When  a  market  retracts,  these  companies 
may  not  be  quick  to  scale  back.  Within  a 
few  years,  they  should  become  frugal  lead¬ 
ers  or  risk  becoming  habitual  over¬ 
spenders.  Sustained  higher  spending  levels 
show  that  a  percentage  of  the  spending  is 
being  squandered. 

Investing  leaders  should  look  to  maxi¬ 
mize  investments  from  existing  technol¬ 
ogy  and  reduce  costs  with  projects  such 
as  enterprise  application  integration, 
warehouse  consolidation  and  data  center 
consolidation. 

Investing  followers:  Companies  in  this 
category  spend  more  than  their  peers  on  IT, 
yet  don’t  achieve  comparable  returns. They 
could  be  investing  in  reinventing  their  busi¬ 
nesses,  improving  processes,  launching 
new  products  or  other  important  short¬ 
term  investments  to  reap  long-term  re¬ 


wards.  Or  the  company  simply  could  be 
investing  in  the  wrong  IT  projects. 

This  type  of  company  is  ripe  for  opportu¬ 
nities  in  reducing  costs  and  deriving  busi¬ 
ness  value.  If  an  investing  follower  doesn’t 
move  to  become  an  investing  leader  or  fru¬ 
gal  leader  over  time,  change  is  in  order. 

IT  operations  savings  need  to  be  derived 
via  server  and  storage  consolidation,  client 
standardization  and  IT  manageability  im¬ 
provements.  Projects  should  focus  on  cost 
savings  in  the  most-important  business 
process  improvements  in  the  supply  chain, 
CRM,  financial  management  or  personnel 
management. 

IT  investment  styles 


Frugal  followers:  They  spend  less  on  IT 
than  their  peers  and  often  are  technology- 
investment  laggards.  This  frugality  often 
entails  some  positive  traits,  such  as  best 
practices  to  reduce  costs.Whether  because 
of  a  lack  of  investing  in  innovative  technol¬ 
ogy,  a  product  life<ycle  challenge,  or  not 
recognizing  some  other  fundamental  busi¬ 
ness  shift,  these  companies  have  fallen 


behind  their  peers  on  IT  ROI. 

Followers  often  need  to  migrate  to  an 
short-term  investment  phase  to  change 
their  competitive  position.They  can  start  by 
selecting  one  or  two  modest  high-impact 
strategic  projects  that  could  help  change 
the  market  or  target  a  competitor. 

IT  should  focus  on  a  mix  of  cost  savings 
and  revenue  growth, focusing  on  the  high- 
est-opportunity  business  process  im¬ 
provements  in  supply-chain  manage¬ 
ment,  CRM,  financial  management,  per¬ 
sonnel  management  and  analytics/busi¬ 
ness  intelligence. 

Once  the  planning  team  has  determined 
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its  competitive  positioning,  identifying 
opportunities  for  improvement  is  the  next 
step. Teams  should  proactively  explore  and 
quantify  ROI  options. 

Pisello  is  president  and  CEO  ofAlinean.  an 
Orlando  developer  of  tools  to  help  assess 
the  value  of  IT  investments.  He  can  be 
reached  at  tpisello@alinean.com. 


Alinean’s  PeerMap  shows  what  kind  of  ROI  large  pharmaceutical 
companies  get  from  IT.  The  analysis  is  based  on  IT  spending  vs. 
performance.  Performance  is  measured  using  Alinean’s  Information 
Productivity,  a  ratio  of  overall  profitability  divided  by  IT  spending. 
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IT  spending  as  a  percentage  of  revenue 


INVESTING  LEADERS 

■  Eli  Ully 
^  (Tizer 


INVESTING  FOLLOWERS 

GlaxoSmithKline  (U.K.)* 

■  Johnson  &  Johnson 
■  Schering-Plough 

■  AstraZeneca 
(U.K.) 


EASIER  TO  USE 

•  Auto-configuration  simplifies  set-up.  The  system  automatically 
addresses  the  ports,  appliances  and  computers  for  you 

•  Intelligent  AMIQ  interface  modules  remember  your  configuration, 
so  it's  easy  to  install,  maintain  or  move  your  servers 

•  Graphical  AMWorks  administration  software  and  mouse-driven 
on  screen  menus  are  simple  to  navigate  and  control 


>lidate  control  of  your  server 
wjtK  powerful  AMX  switching 


[AGE:  AVdCENT 


KVM 
Matrix 
Switching 


MORE  ADVANCED  FEATURES 


•  Scalable  architecture  grows  with  your  server  room 
•Supports  multi-rack  PS/2,  Sun  and  USB  server  environments 

•  Full  non-blocked  access  to  servers  and  serial  devices 

•  End-to-end  CAT  5  connections 

•  Save  rack  space  -  1 U  switch  supports  up  to  8  users  and  32 
servers;  2U  switch  supports  up  to  16  users  and  64  servers 

•  Multi-level  security  and  password  protection  for  each  user 

•  Multiple  users  can  share  access  to  the  same  server 

•  Share,  private,  scan  mode  available  to  all  users 


Smarter,  Simpler  KVM  Switching 


•  AMIQ  computer  Interface  module  retains  the  unique  ID  and  server  name, 
so  reconfiguration  and  expansion  is  as  simple  as  switching  the  cable 


•  Exclusive  AutoTuning™  optimizes  video  performance  over  UTP  cable,  at 
any  distance 


•  Build  customized  user  profiles  and  centralize  control  of  connected  servers 
with  AMWorks  -  Java-based  system  software  included  with  each  switch 


t. 


•  All  system  components  can  be  flash  upgraded  simultaneously  with  just  a 
few  clicks  of  the  mouse 


Call  for  an  Avocent  Authorized  Reseller  near  you 

1-866-286-2368 


Make  the  smart  switch.  Download  our  Definitive  KVM 
Buyer's  Guide  at  www.avocent.com/advantage 
or  call  1-866-286-2368. 


AvocenL 


^V\“  KVM  OVER  IP  and  Tht  of  Thm  jft  tr»d0'TUfKa  of  Avoc«nt 


The  Power  of  Being  There,- 


Experience  Counts.  GTA  incorporates 
eight  years  of  firewall  experience  into 
5  new  firewall  appliances  for  the  SME 
market.  With  features  including  VPN 
hardware  acceleration,  high  availability, 
content  filtering  and  gigabit  support, 
GTA  offers  complete  firewall  solutions 
at  a  price  SME  businesses  can  afford.To 
learn  more  about  our  family  of  firewalls 
visit  our  website  or  contact  a  GTA 
channel  partner. 
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COMPLETE  REMOTE  KVM  CONTROL  VIA  TCP/IP 


BESTOFII^ROP 
NnWORLD  INTEROP 
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2003  Winner 

of  the  Best  Of  Show  Award 


Extend  Your  IT  Reach  Seyond  The  Server  Room 


Kaveman  16  -  Allows  up  to  6  simultaneous 

users  connecting  16  servers 


How  does  Kaveman  work 


"1 1^1 


Remote  Client 
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_  a  u  e  m  a  n  _ 

Available  in  1,  8  and  16  channel  versions 


Servers 


-t; 

Monitoring  Coonguiation 

Lr 
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Remote  Keyboard,  Video  and  Mouse  Access  via  Web  Browser 

You  can  access  to  the  BIOS  level  of  your  servers  or  serial  devices  anytime, 
anywhere  with  full  KVM  control  via  a  Web  Browser  or  VNC. 

24/7  Automatic  Server  Monitoring 

Kaveman  monitors  server  functions  and  notifies  you  before  any  server 
problems  become  critical. 

Highly  Secure  Deployment 

Kaveman  utilizes  128-bit  SSL  encryption  for  all  keyboard  and  mouse  data 
and  supports  SSH  and  VPN  environments.  In  addition,  Kaveman  offers 
specialized  security  features  including  the  Turtle  mode  and  Stealth  mode. 

Non-IntrusiveTo  Your  Network  Environment 

As  a  stand  alone  device  that  requires  no  additional  software  or  hardware 
to  install,  Kaveman  minimizes  the  potential  impact  on  your  servers. 

Remote  Power  Cycling 

You  can  power  cycle,  turn  on/off  any  connected  device  over  IP  simply 
using  a  common  Browser. 


1“ 

The  Ensine  of  Inno'S'otion 


...  ,  Mention  Promotion  Code  ‘NETWORK  WORLD’  when 

www.dieitalv6.com  1-866-922-2333  u  •  v 

°  purchasing  the  Kaveman. 


There  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 
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Observer 

Suite 
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Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDD!,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows'^  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 

Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  for  a  lull-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

us  (9S2)  932-9899  •  Fai  (952)  932-9545  •  UK  &  Europe  >44  (0)  1959  569880  •  fax  >44  (0)  1959  569881 


NE1W0RK 

INSTRUMENTS 


©2002  Network  Instruments,  LLC.  Observer,  “Network  Instruments”  and  the  “N  with  a  dot"  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 
All  other  trademarks  are  property  of  their  respective  owners. 
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"Keeping  the  Net.. .Working!" 


Yes,  you  can  Switch 
Power  over  the  Internet... 


Servers,  routers,  and  other  electronic  equipment  sometimes 
“lock-up,”  often  requiring  a  service  call  to  a  remote  site  just 
to  flip  the  power  switch  to  perform  a  simple  reboot... 


The  NBB  “Mini”  Boot  Bar  Power  Switch,  gives  you  the  ability 
to  perform  this  function  from  anywhere! 

■  Web  Browser  Access  for  Easy  Operation 

■  Telnet  and  Serial  Access 

■  Encrypted  Password  Security 

■  Five  Individual  Outlets 

■  Power-up  Sequencing 

■  On  /Off  /  Reboot  Switching 

■  Zero  U  Mounting 

■  Versatile  Zero  U  Mounting 


mh 


WWW,  wti.com 


(800)  854-7226 


^WII  •  Netnock  Bpot  B«i  PKfTP 


NETWORK  BOOT  BAR 

LOCATION:  NBB  Live  Demo  Unit 


SWITCHPANEL  Fiimware  Version:  1.01 


Plug 

Name 

Status 

On 

Off 

Boot 

1 
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Intrusion  Prevention 
for  Microsoft  Web  Servers 


SecurellS^”  Web  Server  Protection 


•  Requires  No  Signature  Database  Updates  •  Shields  Against  All  Classes  of  Attack 

•  Simple,  Powerful  GUI  •  Protects  Without  Disabling  IIS  Functionality 

•  Central  Policy  Management  •  RFC  Compliancy  Checking 


Download  a  FREE  Whitepaper  and  FREE  Trial  of  SecurellS: 
www.eEye.com/FreeSecurellS  or  call  866.282.8276 


SecurellS  delivers  proven  security  for  blocking  known  and 

<H>  ^ 

unknown  attacks  from  penetrating  Microsoft  IIS  servers. 

a£lL|**  Digital  Socuritg  i 

What  If 

Your  Hard  Drive  Crashed 


Right  Now? 


DupliDisk  provides 
real  time  data  mirroring, 
so  if  your  primary  hard  drive 
crashes,  your  computer  will 
continue  to  run  smoothly  with 
no  data  loss. 

•  Requires  no  device  drivers. 

•  Uses  no  system  resources. 

•  Complete  technical 
support  department. 

•  6  different  form  factors. 


Hot  Swap  models  available. 


FREE  GIFT 

Mention  This  Ad  or 
Visit  our  Website. 


IDE  RAID  Contrcfhr 


ARCO 
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www.arcoide.com/nwgift  •  (800)  458*1  €c6 
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-  UltraLink™ 

REMOTE  KVM  ACCESS  OVER  IP 

■  Connect  to  remote  computer  over  Ethernet  or  dial-up 

»  Single,  dual,  quad  models 

Local  KVM  port  to  access  computers  at  Ultra  Link  unit 
Modem  port  with  dial-back  security 

■  Up  to  1280x1024  resolution,  supports  all  platforms 

Easy  to  install,  give  it  an  IP  address  and  run  the 
remote  client,  no  licensing  required 

•  Scaling  of  computer  image  reduces  amount  of  data 
sent  and  permits  fast  screen  updates  over  slow  links 

■  Quad  screen  mode  allows  you  to  see  four  servers 
from  one  screen 

SSL  security  and  passwords  prevents  unauthorized 
access 


Rose  Electronics  ■  10707  Stancliff  Road  ■  Houston,  Texas  77099 


CrystalView™ 

CATS  KVM  EXTENDER 

♦  Extends  your  KVM  station  up  to 
1000'  from  your  computer 

♦  Supports  PC.  Sun,  or  USB. 
optional  Audio/Serial 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1 600  x1 200  resolution 

♦  Available  as  standalone,  rack 
mounted,  or  high  density  chassis 


CrystalView™  Rack 
CATS  KVM  EXTENDER 

♦  Extends  the  distance  from  6  or  1 2 
PC’s  up  to  1 000  feet  away 

♦  optional  serial/audio 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1 600x1200  resolution 


CrystalView™  Pro 

DIGITAL  KVM  EXTENDER 

OVER  FIBER  OR  CAT  S 

♦  Extends  KVM  signals  up  to  33,000 
feet  away 

♦  Uses  only  two  fibers  or  single  Cat  5 

♦  Supports  DVIA/GA,  PC,  Sun.  USB, 
optional  Audio/Serial 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1 600x1 200  resolution 


CrystalView™  Mini 
CATS  KVM  EXTENDER 

♦  Extends  KVM  station  up  to  150 
feet  away 

«  optional  serial/audio 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1280x1024  resolution 


WWW.ROSE.COM 


USA  toll  free 
ROSE  US 
ROSE  Europe 
ROSE  Asia 


800  333  9343 
281  933  7673 
+44  (0)  1264  850574 
+65  6324  2322 


ELECTRONICS 


NITS 
WER 

i^ROTECriON 
AFFORDABIUXSC 


Th«  ^  . 

NEW 

Office  The 

Pro*10 

Office 

Pro»18 


MORE  REASONS  TO  CAU  MOVINCOOL. 
#1  IN  PORTABLE  SPOT  AIR  CONDITIONING 
FOR  OVER  30  YEARS. 


►  Protects  against  excessive  heat  ►  No  costly  installation 

►  Prevents  costly  system  failures  ►  Affordable  rent,  lease  or  purchase  options 

►  inaR«es  productivity  and  manufactunng  quality  ►  The  only  ETL-verified  portable  air  conditioner 

►  ijp  to  60,000  Btu/h  of  cool  ax  for  pertormance 


Call  e:iO-354-9673  or  visit  www.movincool.com  to  ask  about  our  affordable  leasing  options! 


02003  OOCi  : 


MCVINCOOL. 

THE  #  t  PORTABLE  SPOT  COOUNG  SOLUTION 
_  Inc  UtAwOnil.  SixX  Cool  and  Office  Pro  are  registered  trademarks  at  OENSO  Corporalun. 


Power  Control 


What’s  Your 
’Current’  Load? 


Verity  Amps  Used  per  Circuit 
with  Sentry  Input  Current  Monitor 

•  Precisely  measure  the  current,  in  amps, 
for  each  power  circuit 

•  Prevent  overloads  on  existins  power  circuits 

•  Reduce  costs  for  additional  power  circuits 

•  Overcurrent  alarms 

•  Remote  Measurement  via  IP  or  RS-232 

•  Local  Measurement  via  disital  display 

Sentry  Power  Tower.  Equipment  Cabinet  Solutions. 


Server  Technology,  Inc. 


1040  Sandhill  Drive  Reno,  Nevada  8951 1  USA 
web:  vvww.servertech.com  toll  free:  1.800.835.1515 


NetworkWMd 

THE  HUB  OF  THE  NETWORK  BUY 


OptimumDataInc.  ^ 

www.optimumdata.com 


foil  free  800  879  8795 
ph:  + 1  402  575  3000 
fax: +1  402  575  2011 


We  bL 


fe  BJuy  &  S 
Usqd  Cisc 


1 20;Dqy 

Cisco  •  Paradyne  •  ADTRAN  •  Sun  •  Extreme  Networks 


tRK  MARDW 


Clltl  StlTi»l 


Easy  as 

IK»LL 


COMPAa 


□ 


=  FEDCOM^USA  ^ 

Your  #1  Source  -  Since  1990 
770-772-6000 


Advertise  In  the  Marketplace 
ahd'lvatch  yottc  sales  come 
^  V  pouring  In!  ^ 

Calf  Direct  Response  Advertising 

1-800-622-1108 


CISCO  NORTEL 

NEW  •  REFURB  /  BUY  •  SELL 


4211^ 

Truckload 


Cisco  Systcks 

NCRTEL 

NETWORKS 


38B 


caaeri^on 

_ sysru-nis 


Sale 

Bay  Nerwo£k^ 


Fax  Equipment  List  To  801  -377-0078 


888-8LANWAN 

Call  for  Free  Quote!  (888-852-6926)  www.nte.com 


—  55 

“  8/04/03 


Make  the  Smart  Choice, 
Trust  the  Experts  *■ 

^uintinental 

Computers  SlMt  19S4 


Cisco  Systems 


Authorized 
Reseller 

Thooo  logo*  are  a  trademark  of  their  reepective  compantee  and  aervtcea 


Versa  Tables 
Factory  Direct  Prices 
Lifetime  Warranty  made  In  USA 


310-B73-0384  www.vertedlreol.eom 


Protect  your  server  room  with 
a  Weather  Duck  Climate  Monitor 


o  Temperature 
B  Humidity 
o  Air  Flow 
»  Light  Level 

•  Doors  Open 

•  Camera  Optional 

•  Saurtd  Level 


Weather 

Duck 


5  12.345.8  189 

www.ITWatchDogs.com 


Network  Test  Functions 
at  a  “Low-end” 
Coble  Tester  Price 


Attn:  Network  Technicians 


Capture  and  Generate  Packets 
Simulate  Network  Loads 
Monitor  Network  Utilization 
Test/View  DHCP 
Operations/Settings 
and  more... 


With  the  touch  of  your 
stylus  and  our  handheld 
network  analyzer  kit 


Toll  Free  1-866-442-7767 
www.smartronix.com/products 


FIBER  OPTIC 
SOLUTIONS 


•  Tl/El  &  T3/lil  Modems 

•  RS-232/422/485  Modems  and 
Multiplexers 

•  IBM3270Coax,  AS400Twinax,  and 
RS6000  Modems  and  Multiplexers 

•  LAN  -  ArcnePLlhemetToken  Ring 

•  Video/ Audio/I  lubs/Repeaters 

•  lSO-9001 

- . 

a.f.  *  mrns^K  a 

Toll  Free  866-SITcch-l 
6.10-761-3640,  Fax  630-761-3644 
mvtt.sitech-bitdrivsr.com 
www.silechtlber.ccm 


Client  Services  EnQineer 
-fnplemeni  all  of  the  company's 
technical  support  programs  Mon¬ 
itor  and  respond  to  all  customer 
tnqumes  via  phone  and  email,  doc¬ 
ument  can  activity  and  ensure  cus¬ 
tomer  satisfaction  Maintain  techni¬ 
cal  profioericy  according  to  core 
competency  guidelines.  Document 
recurrent  technical  problems  with 
FAQ  responses  and  Application 
Notes  Perform  on-site  engage¬ 
ments  and  training  Develop  prob¬ 
lem  theory  and  resolutions  within 
complex  web  environment  involv¬ 
ing  web  servers,  level  3  devices, 
custom  code,  backend  databases 
ar>d  appilication  servers.  Work  in  a 
challenging  team-oriented  environ¬ 
ment  engaged  in  deploying  web 
security  and  access  control  for 
state-of-the-art  e-commerce  appli¬ 
cations  Perform  network  adminis¬ 
tration  and  performance  tuning  of 
either  UNIX,  NT  or  Novell  platform. 
Use  Peri.  Java.  CGI.  C/C++.  ASP. 
HTML.  XML,  Requirements  Include 
a  Master's  degree  or  equivalent  in 
Computer  Science,  an  Engineering 
discipline  or  related  field  and  one 
year  of  expenence  in  the  job  of¬ 
fered  or  related  field  of  web  server 
platforms  and  applications.  Appli¬ 
cants  must  have  unrestricted 
authorization  to  work  in  the  United 
States.  Salary  $76. 320/year.  40 
hours/wk.  Respond  with  two  copies 
of  resume  to  Case  #200201964, 
Labor  Exchange  Office.  19  Stani- 
ford  St  .  1st  FI.,  Boston.  MA  02114. 


Senior  EAI  Programmer /Analyst: 
Analyze  integration  reqs  for  en¬ 
terprise  appl's  -  SAP.  CRM  appl’s, 
lie  rel  dbases  &  internet  based 
appl’s.  Des.  dev  &  imp  integration 
solutions  using  See-Beyond  suite 
of  products  (e’Gate.  e*lnsight. 
e*Exchange.  java/monk  program¬ 
ming).  Dev  reusable  enterprise 
services  for  SAP  processes  that 
can  form  the  basis  for  building 
complex  bus  processes.  Estab¬ 
lish  EAI  dev  process  &  standards. 
Support  &  enhance  the  existing 
SeeBeyond  interfaces  that  inte¬ 
grate  external  partners  using  EDI 
&  XML.  MS  or  equiv  in  CIS.  Eng. 
CS  or  rel  +  4  yrs  exp  as  SW  Eng. 
Eng.  Programmer  or  rel.  Exp  to 
incl:  IT  Software  development  / 
programming  (4  Years);  Enter¬ 
prise  Integration  (2  yrs);  Dev/  imp 
enterprise  appl’s  (1  yr);  Internet 
Programming  and/or  rel  dbase 
programming  (1  yr);  SeeBeyond 
products  -  e’gate,  e'Insight,  and 
e'Exchange  (2  yrs);  Java/Web 
lech  (2  yrs);  &  SAP  imp  (1  yr). 
Position  is  40  Hrs  Wk  /  $100K/yr. 
located  in  Manchester  NH.  Send 
2  copies  of  resume  to;  Job  Box 
2003-279.  PO.  Box  989. 
Concord.  NH  03302-0989. 


Computer  Analyst 

Heating  Oil  Partners.  L.P.  has  an 
immediate  opening  in  its  Darien. 
Connecticut  facility  for  a 
Computer  Analyst. 

Analyze  user  requirements,  pro¬ 
cedures  and  problems  to  auto¬ 
mate  and/or  improve  existing 
systems,  review  computer  sys¬ 
tem  capabilities,  workflow  and 
scheduling  limitations,  and 
design/write  program  specifica¬ 
tions. 

Must  possess  a  bachelor's 
degree  in  Computer  Science  or 
a  related  field  and  relevant 
experience  with  ASP.  Java. 
Applet.  Javascript.  VB  script. 
DHTML.  HTML.  database 
Connectivity,  Java  and  00 
design.  Visual  Basic.  C  and 
SQL 

Resume  and/or  cover  letter 
must  reflect  each  requirement 
dbc'^^  and  specify  reference 
.  .Je  CA  orit  will  be  rejected. 

k ‘T.vdrd  resume  to  Eileen  M. 
vsr.  Man^iger.  Personnel  and 
Heating  Oil  Partners, 
•  t  OoMand  Avenue.  East 
Hortfr».-a  CT  0610ft 


API  Support  Engineer 

Resolves  s/w  h/w  probs  using 
Visual  C.  Visual  C++.  VB.  PC 
architecture.  BIOS,  RAID. 
Sync/Async.  Signal-polled,  call¬ 
back.  single-  &  multi-threaded. 
Answers  user  reqs  re  computer 
telephony  h/w  &  s/w  probs. 
Communicates,  interviews  user 
re  errors  &  app  design.  Keeps 
call  records.  Contacts  s/w  h/w 
vendor  re  probs.  Codes  demos, 
interprets  3rd  pty  code  w/cust. 
Explains  s/w  errors  to  program¬ 
mers.  Installs  h/w.  s/w  &  periph. 
equip.  Writes  user  manuals. 
Serves  as  mentor.  11a-8p. 
Reqmts:  BS  Comp  Sc  or  Engnr; 
1  yr  App.  Supt.  Engnr.  Send 
resume  to;  Dir.  CT  Support. 
ScanSource.  6  Logue  Ct., 
Greenville.  SC  29615.  EOE 


Analytic  Programmer.  Wachovia 
Corp.,  Charlotte.  NC.  Develop 
derivatives  trading  appis.  for  trad¬ 
ers  using  the  Calypso  system  as 
a  foundation.  Design  and  imple¬ 
ment  trading  applications.  Reqs. 
BA  in  Computer  Science  &  2  yrs 
exp.  in  the  pos.  offered  or  as  a 
Software  Developer,  The  2  yrs 
must  incl.  work  developing  finan¬ 
cial  trading  applications  in  UNIX 
and  NT  environments  using  JA¬ 
VA.  C++  and  SQL  and  work  with 
derivatives  products.  M-F,  8-5. 
Send  resume  to  Meredith  Krogh. 
Wachovia  Corp..  401  South  Tryon 
Street.  15th  Floor.  NC  0475. 
Charlotte,  NC  28288-0475.  No 
phone  calls. 


IT  Leader,  Quality  Assurance. 
Charlotte,  NC.  Wachovia  Corp. 
Define,  coordinate,  and  execute 
testing  for  existing  or  newly  devel¬ 
oped  high-profile  banking  applica¬ 
tions  on  the  Internet.  Reqs.  BA  in 
Computer,  Industrial  or  Production 
Engineering  &  2  yrs  exp.  in  the 
position  offered  or  as  an  IT  Analyst 
or  Software  Engineer.  The  2  yrs 
required  exp.  must  have  included 
software  development,  testing, 
metrics,  and  performance  monitor¬ 
ing  using  Quality  Management 
processes  and  tools  and  work  with 
automated  test  tools  such  as 
WinRunner.  LoadRunner,  and  Test 
Director.  M-F.  8-5,  Send  resume  to 
Randall  Buck.  Wachovia  Corp.. 
1525  West  W.T  Harris  Blvd,  NC 
0775.  Charlotte.  NC  28262-0775. 
No  phone  calls. 


Seeking  qualified  applicants  for  the 
following  positions  in  Memphis/ 
Collierville.  TN:  Senior  Programmer 
Analyst.  Formulate/define  function¬ 
al  requirements  and  documentation 
based  on  accepted  user  criteria. 
Requirements:  Bachelor's  degree 
or  equivalent  in  computer  science. 
MIS.  engineering  or  related  field 
plus  5  years  of  experience  in  sys¬ 
tems/applications  development. 
Experience  with  3rd/4th  generation 
programming  languages,  including 
Java;  RDBMS;  and  batch  process¬ 
ing  also  required.  'Master's  degree 
in  appropnate  field  will  offset  2 
years  of  general  experience.  Sub¬ 
mit  resumes  to  Sibi  George.  FedEx 
Corporate  Services.  1900  Summit 
Tower  Blvd.,  Suite  1400,  Orlando. 
FL  32810.  EOE  M/F/D/V. 


Systems  Analyst-2  Positions: 
Design,  analysis  and  devel¬ 
opment  of  web  and  intranet 
applications  with  the  focus 
on  E-commerce  solutions 
using  Java,  ASP,  Javascript, 
HTML.  C++  and  connectivity 
with  MS  SQL  database.  Req. 
MS  in  CS/InfoTech.  OR  BS/ 
BBA  with  3  yrs  of  related  exp. 
Resume  to  Skaps  Industnes, 
571  Industrial  Park  Way, 
Commerce,  GA  30529. 


SOFTWARE  ENGINEER:  Lotus 
notes  domino  application  develop- 
ment  and  administration.  Design, 
deploy  enterprise  application  using 
J2EE.  Weblogic,  Websphere;  UML. 
Rational  Rose  and  ORACLE.  The 
job  duties  are  to  Analysis  of  current 
procedures  and  problems  to  refine 
and  convert  the  data  to  program¬ 
mable  form:  determine  output  re- 
quirements;study  existing  systems 
to  evaluate  effectiveness:  upgrade 
systems  presently  In  use;  develop 
test  and  implement  new  software; 
observe  functioning  of  newly  imple¬ 
mented  system  and  programs  for 
trouble  areas;  correct  systems/pro¬ 
grams  as  necessary.  Requires  BS/ 
Eng  or  equivalent  in  education  with 
1  year  of  software  development  ex¬ 
perience.  40  hours  per  week  at 
$60,000  per  year.  Please  send  res¬ 
ume  to  Case  #  200202095  Labor 
Exchange  Office,  19  Staniford  St.. 
1st  floor.  Boston.  MA  02114. 


Systems  Analyst.  Charlotte.  NC. 
Wachovia  Corp.  Under  direct  sup¬ 
ervision,  design  &  develop  appl. 
software,  convert  specs,  into  code 
&  test  &  prepare  code  for  produc¬ 
tion,  Reqs.  BA  in  Computer  Sci¬ 
ence  &  1  yr.  exp.  in  the  pos.  offered 
or  as  an  IT  Web  Designer.  Grad¬ 
uate  Engineer  or  Computer  Pro¬ 
grammer,  The  1  yr  must  incl.  work 
converting  specs,  into  code,  testing 
&  preparing  code  for  production  & 
work  w/  C++.  JAVA.  J2EE  technolo¬ 
gies.  JSP.  ASP.  HTML  languages 
using  web  servers  (i.e.  TOMCAT) 
on  SQL  Server  &  ORACLE  data¬ 
bases  in  a  UNIX  environment.  M-F, 
8-5.  Send  resume  to  Randall  Buck. 
Wachovia  Corp.,  1525  West  W.T. 
Harris  Blvd.  NC  0775,  Charlotte, 
NC  28262-0775.  No  phone  calls. 


Seeking  qualified  applicants  for  the 
following  positions  in  Memphis/ 
Collierville.  TN:  Senior  Systems 
Programmer.  Devise  procedures  to 
solve  complex  systems  and  appli¬ 
cations  problems.  Requirements: 
Bachelor's  degree  or  equivalent*  in 
computer  science,  MIS.  engineer¬ 
ing,  mathematics  or  related  field 
plus  5  years  of  experience  in  sys¬ 
tems  programming.  Experience 
with  retail  point-of-sale  systems/ 
applications  development  using 
Java;  CORBA;  and  systems/inte¬ 
gration/user  acceptance  testing 
also  required.  ’Master's  degree  in 
appropriate  field  will  offset  2  years 
of  general  experience.  Submit 
resumes  to  Sibi  George.  FedEx 
Corporate  Services,  1900  Summit 
Tower  Blvd..  Suite  1400.  Orlando. 
FL  32810.  EOE  M/F/DA/. 


Seeking  qualified  applicants  for  the 
following  positions  in  Memphis.  TN: 
Technical  Advisor.  Provide  technic¬ 
al  advice  and  expertise  to  systems 
development  project  groups  in  de¬ 
fining.  developing  and  reviewing  ex¬ 
isting.  as  well  as  proposed,  applica¬ 
tions  for  major  computer  systems. 
Requirements:  Bachelor’s  degree  or 
equivalent*  in  computer  science, 
math.  MIS  or  related  field  plus  7 
years  of  experience  in  systems/ 
applications  development,  including 
programming.  Experience  with  Vis¬ 
ual  Basic,  SQL  Server  and  Server 
hardware  also  required.  'Master’s 
degree  In  appropriate  field  will  offset 
2  years  of  general  experience. 
Submit  resumes  to  Chris  Gibney. 
Federal  Express  Corporation.  2003 
Corporate  Plaza.  3rd  Floor.  Mem¬ 
phis.  TN  38132.  EOE  M/F/D/V. 


COMPUTER-Oracle 
Database  Administrator 
(NY,  NY),  Install,  configure 
&  administer  Oracle  Data¬ 
bases,  Oracle  Financial 
Applications,  SUN  SPARC 
Solaris  Servers  &  Storage 
Systems,  Perform  SQUPL- 
SQL  Scripting,  Unix  shell 
scripting,  VAX  VMS  &  Alpha 
operations.  4  yrs  of  Oracle 
DBA  exp.  req'd.  Send  cover 
Itr  &  CV  to:  GNYHA,  555 
West  57th  St.,  NY,  NY 
10019,  Attn:  HR-DBA. 


Luckily,  We  Are  Too! 


itcareers.com  is  now  powered 
by  CareerJournal.com! 

Search  for  jobs  and  post 
your  resume  here  on 
WWW. itcareers.com 


Computerworld 
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Programmer  Analyst 
needed  w/exp  in  s/w  appli¬ 
cation  using  UML,  J2EE, 
EJB,  JMS,  Weblogic  Ser¬ 
ver,  XML.  TIBCO  and 
Oracle  on  Unix  and 
Windows  NT  platforms. 
Send  resumes  to:  Triple 
Point  Technology,  Inc.,  301 
Riverside  Ave.,  Westport, 
CT  06880.  No  inperson 
resumes/interviews:  only 
respond  by  mail. 


Sr.  Project  Engineer/Manager  wan¬ 
ted  at  our  location  in  Chicago,  IL. 
Bachelor's  degree  or  foreign  equiv¬ 
alent  degree  in  Telecommunica¬ 
tions  or  related  field  and  2  yrs. 
experience  in  job  offered  or  in 
Financial  Communications  or  Tele¬ 
communications.  Experience  must 
include  WAN.  LAN.  and  IP-based 
router  networking  and  configuration 
or  design  of  large  IP-based 
Intranet/Extranet  incorporating 
Firewall  security  and  server  ser¬ 
vices.  E-mail  resume  to 
Rebecca. Gustamente@ 
Radianz.com  (subject;  Code  0314). 


Better 

address? 


Better 

compensation? 

Better 

training? 


Better  get 
in  here! 


itcareers.com 


Project  Manager 

Evaluate  technical  specifi- 
ctns.  design  &  implement 
managmnt  applictns.  remote 
training/on-line  educ.  &  busi¬ 
ness  applictn  for  multi-nation¬ 
al  companies.  Req:  BS  in  CS, 
3  yr.  Exp.  Skills  in  Oracle 
Appli.  Designer  &  Developer, 
BlackBoard,  Manugistics, 
WorkFlow  Recruit,  Supply 
Chain  Management,  Lotus 
Courseware,  Java,  J2EE  and 
.NET,  C++.  40hr/wk,  9-6. 
Resume/Ad  to  3213  W.  Main 
#592,  Rapid  City,  SD  57702. 


Senior  Software  Engineer  want¬ 
ed  by  Financial  Computer 
Services  Inc.,  in  Fairfield,  NJ. 
Must  have  a  MS  in  Comp  Sci  or 
related  field  with  min  2  yrs  exp  in 
high  perf  s/w  dsgn  &  dvipmnt. 
Job  duties  include  dsgning  & 
dviping  arch  for  all  internal  & 
external  info  technology  sys¬ 
tems  to  provide  finance-based 
services  using  object-oriented 
technology  &  various  s/w  dvlpm- 
nt/testing  tools.  &  dviping,  imple¬ 
menting  &  integrating  db  apps 
using  various  db  technologies  & 
data  comm  protocols.  Provide 
ongoing  mgmt  &  admin  on  appli¬ 
cation  systems  &  technology 
environments.  Fax  resume  to 
HR  Dept  at  973-227-8795. 


Sr.  Computer  Engineer:  Lead  IT 
division  to  design,  develop  and 
test  both  system  and  application 
level  software  for  E-business, 
and  to  maintain  and  upgrade 
information  technology.  Master 
in  Computer  Science  or  in 
Electrical  Engineering,  and  relat¬ 
ed  IT  exp.  required. 

Database  Administrator:  Code, 
test,  and  implement  database 
applications.  Maintain  and 
improve  high  volume  e-com- 
merce  and  accounting  databas¬ 
es.  Two  years  related  experi¬ 
ence  required. 

Send  resume  to  Chang-Sheng, 
Inc.,  HR  Dept.,  10641  Harwin 
Drive.  Suite  502,  Houston,  TX 
77036 


Software  Engineers  to  analyze, 
design,  develop,  implement 
appis  using  Java,  C++/C,  Perl. 
Shell  Script,  JDBC.  VB,  Pro*C. 
Oracle,  Dev  2000,  SQL  Server 
on  UNIX/Windows  platforms; 
perform  unit/integration  testing, 
performance  tuning  and  query 
optimization;  interact  with  clients 
to  ascertain  functional/tech, 
reqs.;  provide  customer  support, 
feedback;  debug  and  trou¬ 
bleshoot;  train  team  members/ 
end  users.  Require:  M.S.  or  for¬ 
eign  equiv.  in  CS/Engg.(any 
branch)  with  1  year  exp.  in  IT. 
Travel  involved.  High  salary.  F/T. 
Resume:  HR,  Compsoft 

Technology  Solutions  Group, 
Inc.,  11  N  Roselle  Rd.. 
Schaumburg,  IL  60194. 


PROGRAMMER  ANALYST 
G.I.M.  Productions  Inc., 
Chicago  IL,  seeks  Progr¬ 
ammer  Analyst  to  design  & 
develop  s/w  appi  using  C, 
C++,  Java,  Java  Script,  SQL, 
PL/SQL,  cold  fusion.  Flash, 
ASP.  EJB.  Servlets,  XML, 
HTML  &  VB.  Resp.  also  incl. 
design  &  impl.  of  data  bases 
using  SQL  Server  2000, 
Oracle  &  Access.  Must  have 
BS  in  Cmp  Sc  &  2  yrs  relevant 
exp.  Email  resume  to: 
jobs@gimproductions.com 


Software  Engineer 
Hexaware  Technologies,  Inc.  is 
seeking  a  Sftwr  Engr  to  aniyz, 
dsgn.  dev.  code,  test  &  implem. 
sftwr  progrms/appis.  MS  in 
Comp.  Sci.,  Electronics  Engrg, 
Physics  or  Math  +  1  yr  exp  as 
Sftwr  Engr,  Prog.  Analyst  or 
Sftwr  Consitnt  rqd.  Must  have 
exp.  w/dev.  &  implem.  acctg  or 
mgmnt  syst.  using  FoxPro  for 
Windows,  PowerBuilder,  Sybase 
SQL  Anywhere  &  Oracle 
PL/SQL.  High  mobility  preferred. 
Resume  only  to:  R.  Ravindran, 
Director-HR,  Hexaware 

Technologies,  Inc.,  4343 
Commerce  Ct.,  Ste.  618,  Lisle. 
IL  60532. 


Business  Analyst  to  analyze  and 
design  high  end  business  models, 
technical  experience  in  CRM  im¬ 
plementation  in  telecom,  finance 
modules  necessary.  Working  kno¬ 
wledge  of  Billing,  Rating,  Media¬ 
tion  systems  and  automated  work 
flow  systems  PL/SQL,  MS  Sql- 
Server,  Oracle  81,  Visual  C++,  XML 
/XSLT  and  Centura  is  required. 
Full  time  position  M-F  pays  market 
level  salary.  Applicants  with  Bach¬ 
elor  degree  in  Engineering  plus  2 
years  related  experience  in  tele¬ 
communications,  send  resumes 
only  to:  Supra  Telecommunica¬ 
tions  and  Information  Systems 
Inc.,  Human  Resources  Dept., 
2620  S.  W.  27th  Ave.,  Miami,  FL 
33133. 


Synergy  has  openings  for  IT  pro¬ 
fessionals.  Qualified  applicants 
must  have  BS  with  some  experi¬ 
ence.  Strong  background  in 
TCP/IP  Suite,  Weblogic,  Oracle, 
SQL,  VB,  PeopleSoft,  Java  is 
plus.  Please  send  resumes  to: 
hr@synergycom.com.  Travel  is 
required  for  some  positions.  EOE 

Horizon  Companies,  Inc.  is  look¬ 
ing  for  system  analyst  &  other  IT 
professionals.  Minimum  require¬ 
ment  is  BS  plus  IT  experience. 
Skills  in  VB  5.0,  Forms  4.5,  SAP, 
PeopleSoft,  Oracle  &  Oracle 
Financials,  AP,  AR,  GL  preferred. 
Apply  at: 

info_hori2on@horizoncompanies.com 

EOE 


Softec  Solutions,  Inc.  seeks  ap¬ 
plicants  for  the  position  of  Pro¬ 
grammer  in  Englewood,  CO  to 
develop  Web-based  and  Palm- 
based  software  applications.  Re¬ 
quirements  for  position  include  a 
bachelor's  degree  in  computer 
science,  electrical  engineering  or 
related  field  and  software  pro¬ 
gramming  experience.  Addition¬ 
al  requirements  include  working 
knowledge  of  developing  Web- 
based  and  Palm-based  applica¬ 
tions.  JSP,  Satellite  Forms,  and 
Oracle’Consolidator.  Respond 
by  resume  to  Parimal  Joshi, 
Softec  Solutions,  384  Inverness 
Pkwy.,  #211,  Englewood,  CO 
80112. 


Computer  Systems  Admin¬ 
istrator.  Anaiyze/maintain/ 
modify  applications  on  IBM 
mainframe.  Req.  BS  Math/ 
Comp.  Science/Rel.  Field  & 
2  yrs  exp  in  job/2  yrs  exp  as 
Sr.  Analyst/Programmer. 
Spec.  Req.  Expertise  in 
COBOL,  DB2,  CICS,  CSF, 
Cordaptix  &  Utility  Billing 
Systems.  Send  Resume; 
Louie  G.  Abad,  EV3A,  Inc., 
412  Welisley  Court, 
Folsom,  CA95630(Jobsite). 


Get  Ahead  In  Your  Career! 


BDPA,  The  Premier  Organization  For  African  Americans 
In  Information  Technology,  Inuites  You  To  Attend  The... 


BDPA  National  Conference 


CAREER  EKPO 

August  15  -16,  2003  •  Philadelphia  Marriott 

Friday,  August  15:  10;00am  -  6:00pm  •  Saturday,  August  16:  10:00am  -  4:00pm 
FREE  ADMISSION  TO  THE  CAREER  EXPO! 

Employers  Include:  Abbott  Laboratories  •  Accenture  •  Advanced  Reasoning  Systems  •  Anthem  Blue 
Cross  Blue  Shield  •  AstraZeneca  •  Cardinal  Health  •  Computer  Associates  •  Compuware  Corporation  • 
Dell  Computer  •  Deloitte  Consulting  •  FleetBoston  Financial  •  GlaxoSmithKline  •  Greenwich  Technology 
Partners  •  Hewitt  Associates  •  Household  International  •  Iowa  Human  Resource  Recruitment 
Consortium  •  Mayo  Clinic  •  McDonalds  Corporation  •  Merck  &  Company  •  Performigence 
Corporation  •  Sears  Roebuck  &  Co.  •  Siebel  Systems  •  Siemens  Business  Services  •  Thomson 
West  •  Toyota  Motors  •  Unisys  •  The  Vanguard  Group  •  Verizon  Wireless  •  Wachovia 

For  the  latest  information,  please  visit  us  at  www.shomex.com/bdpa. 

Employers  -  To  exhibit  at  the  Career  Expo,  please  call  Gloriann  Clark  at  310-309-4409. 


To  register  or  get  more  information  on  attending  the 
conference,  which  features  over  30  workshops,  please  call 

800-727-BDPA  or  visit  us  at  wuuw.bdpa.org/conference.cfm. 


Client  Integration  Consultant: 
Req.  Bach  or  equiv.  in  CS,  Eng., 
or  rel.  field  +  4  yr  relevant  exp. 
Contact  brokerage  client  to  ob¬ 
tain  integration  reqmts  &  deliver 
trading  solutions.  Interface  w/ 
trade  order  mng.  systms  {incl. 
MerrinLink,  MacGregor.  Mass- 
Link,  Landmark),  post-trade  allo¬ 
cation  algorithms,  clearing  & 
settlement  systms  re:  trading 
applies.  Perform  applic  integra¬ 
tion  using  FIX  trading  protocol, 
interface  w/mkt  data  systms. 
Generate  P&L.  Create  ad-hoc 
reports  quickly  from  variety  of 
tools,  incl  Visual  C++,  Perl/Tk, 
Python,  MFC,  STL,  COM,  X/ 
Motif.  Crystal  Reports  in  UNIX 
envirmt.  Report  formats  from 
Bear  Stearns,  OASYS,  OATS. 
Middleware  prgmg  using  Tibco 
Rendezvous.  Talarian  Smart- 
Sockets  &  Corba  messaging 
protocols.  ITG,  Inc.,  NY.  NY. 
(www.itginc.com).  Fax  c.v.  to 
HR/SM  at  (617)  692-6889.  No 
Calls.  Principals  only.  EOE. 


Staff  Analyst  -  ABAP  Developer 

Analyze  IT  operational  require¬ 
ments.  Develop  new  custom  in¬ 
terfaces.  Maintain  existing  cus¬ 
tom  interfaces,  enhancements, 
reports  &  forms  using  SAP  ABAP. 
Develop  detailed  design  specs, 
from  business  requirements. 
Write  custom  ABAP/4  code  to  ful¬ 
fill  design  requirements.  Must  be 
willing  to  travel  to  project  sites 
throughout  US  on  short-  or  long¬ 
term  assignments.  Must  have 
Bachelor's  degree  or  foreign 
equiv.  in  Comp  Sci.  Engineering. 
Business.  Accounting  or  related 
field  +  3  yrs  exp  in  job  offered  or 
SAP  Systems  Analyst.  8:30am- 
5pm.  M-F.  OT  as  needed. 
$90,000/yr.  Reply  to  Job  Order 
#WEB343666.  Site  Manager, 
Beaver  County  Careerlink.  2103 
Ninth  Ave.,  Beaver  Falls,  PA 
15010-3957. 


TECHNICAL  CONSULTANTS.  Pro¬ 
vide  design,  development,  and 
delivery  of  customer-specific  prod¬ 
uct  extensions,  integrations,  re¬ 
ports.  and  data  analyses  in  man¬ 
aged  project  framework,  working  at 
various  unidentified  assigned  sites 
in  U.S.  Provide  analysis  for  func¬ 
tionality  of  employer  and  customer 
legacy  systems.  Act  as  subject  mat¬ 
ter  expert  in  sales  cycle  and  pro¬ 
vide  quality  assurance  support  in 
monitoring  technical  aspects  of 
partner  engagements.  Provide 
technical  design,  testing,  documen¬ 
tation,  prototyping,  development, 
installation  and  deployment  of  cus¬ 
tomer-specific  integration  solutions. 
Requires  M.S.  in  Electronics,  Phys¬ 
ics  or  related  field;  three  years  ex¬ 
perience  in  job  offered  or  software 
development:  experience  must 
include  C#  /  VB.Net;  ASP.Net  com¬ 
mercial  .Net  web  projects:  Java¬ 
script/  DHTML;  XML/XSLT;  ASP; 
Real  Time  projects  in  Java;  Data¬ 
base  design  including  MS  Access 
2000/97  and  MS  SQL  7/2000 
including  triggers  and  stored  proce¬ 
dures.  Must  have  current  authoriza¬ 
tion  to  be  permanently  employed  in 
the  United  States.  Send  resume  to 
Janet  Case.  Powerway.  Inc.,  6919 
Hillsdale  Court.  Indianapolis,  IN 
46250. 


Network  Administrator  for  IT  co 
in  Wilmington,  DE  to  configure, 
manage  computer  networks, 
perform  tuning  of  application 
packaged  under  UNIX  &  Win 
2000/NT/95  operating  systems. 
Utilize  knowl  of  LAN/WAN  con¬ 
nectivity  using  Routers.  Switch¬ 
es,  Firewall  gateways  over 
leased  circuits.  Utilize  routers  & 
protocol  such  as  Cisco,  Lucent, 
etc.  RIP.  OSPF.  EIGRP&  BGP-4 
Dsgn  network  security  &  train 
network  admin.  Req:  Associates 
deg.  diploma/equiv  in  Comp  Sci. 
Electronics  or  related  &  2  yrs 
exp.  Any  combination  of  edu  & 
exp  that  equates  to  min  req  is 
acceptable.  Resp  to  Int'l  Bus¬ 
iness  Software  Solutions.  Inc., 
901  Market  St.  Ste  480, 
Wilmington.  DE  19801,  fax  (302) 
654-4592,  Jobs2@ibssinc.com 


Sr.  Software  Engineer 

To  design,  develop,  implement,  tun¬ 
ing  performance  and  maintaining 
next  generation  E-commerce  prod¬ 
ucts.  Work  with  latest  distributed 
object  technologies  and  as  a  senior 
contributor  for  one  of  the  compa¬ 
ny's  E-commerce  product  lines. 
Interact  with  Quality  Assurance, 
sales,  product,  client  services  and 
customers  to  understand  their 
requirements  and  implement  world 
class  solutions.  Require  expertise 
in  Client  server  and  Web  develop¬ 
ment.  ORACLE  database.  VC++. 
VB.  ATL.  ASP.  COM+.  ADO,  UML. 
XML.  Windows  NT/2000. 

Require  2  yrs  exp.  in  job  offered  or 
2  yr  exps.  in  Software  Develop¬ 
ment.  B.S  in  Computer  Science. 
Engineering  or  related  field.  Work 
requires  traveling  to  various  loca¬ 
tions  as  per  the  project  require¬ 
ment.  Salary  is  $88.000/yr,  40 
hrs/wk,  8:00  to  5:00  p.m.  Send  two 
copies  of  resume  to  Case 
#200202168,  Labor  Exchange  Of¬ 
fice,  19  Staniford  St.  1st  floor. 
Boston.  MA  02114. 


□  ET2J 

NET2S  is  a  leading  International  e- 
business,  information  technology, 
and  communication  infrastructure 
consulting  firm.  We  are  currently 
seeking  for  the  following  positions; 

•  Sr.  Tibco  (RV.  Hawk,  ingetration 
Manager)  Developer 

•  IT  Risk  Mgmt  Security  Architect 

•  Sun  One  /  Siteminder  Architect 

•  Business  Objects  /  Cognos 
Developers 

•  NET  Architect 

All  positions  require  BS/MS  degree 
with  a  minimum  of  2  to  3  years  of 
experience  in  the  field  Must  p^- 
sess  excellent  communication 
skills  as  well. 

NET2S.  82  Wall  Street.  Suite  40C. 
New  York.  NY  10005;  Fax.  (212) 
279-1960;  Phone  (212)  279-6565;  or 
Email:  jobus-nv@net2s.CQm 
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I  SEMINARS.  EVENTS 


Network  World  Seminars 
and  Events  are  one  and  two- 
day.  intensive  seminars  in 
cities  r^tionwide  covering 
the  latest  networking  technologies.  All  of  our  seminars  are 
also  available  for  customized  on-site  training.  For  complete 
and  immediate  information  on  our  current  seminar  offerings, 
call  a  seminar  representative  at  800-643-4668.  or  go  to 
www.nwfusion.com/seminars- 


Publicize  your  press  coverage  in  Network 
World  by  ordering  reprints  of  your  editorial 
mentions.  Reprints  make  great  marketing 
materials  and  are  available  in  quantities  of 
500  and  up.  To  order,  contact  Reprint 
Management  Services  at  (717)  399-1900  x129 
or  E  -mail:  mshobei@reprintbuyer.com 
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Best  and  worst  of  both  worlds 

Some  pros  and  cons  of  running  a  hybrid  IP/TDM  telephony 
environment,  according  to  users  and  industry  experts: 

Pros: 

Cons: 

•  Having  traditional  voice  lines 
provides  a  backup  in  case  of  IP 
network  failure. 

•  Maintaining  two  networks  for 
voice  defeats  the  point  of 
convergence. 

•  VoIP  can  be  integrated  slowly 
without  disruptive  changes  to 
staff  or  equipment. 

•  Keeping  separate  staffs  for 
voice  and  data  could  lead  to 
responsibility  conflicts. 

•  Companies  can  squeeze 
every  last  minute  of  life  out  of 
older  PBX  gear. 

•  Applications  that  take  advan¬ 
tage  of  full  IP  convergence  could 
be  harder  to  implement. 

\ _ 
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put  them  through  the  ringerj"  she 
says,  adding  that  ThruFbint  was 
not  involved  in  Merrills  decision 
to  go  back  to  a  hybrid  network. 

Dulude  .says  most  clients  are 
doing  the  opposite,  looking  to 
migrate  from  TDM  completely. 
“Clients  aren’t  planning  on  hybrid 
environments,”  she  says.  “With  a 
hybrid  environment,  you’re  not 
taking  advantage  of  convergence. 
The  whole  idea  is  to  have  one 
network  for  supporting  voice  and 
data,  plus  video  or  anything  else 
that  comes  along." 

It  will  be  more  expensive  in  the 
long  run  to  have  separate  ports, 
cabling  and  switches  for  different 
services,  she  adds. 

A  Merrill  Lynch  spokesman  says 
the  company  will  still  be  able  to 
take  advantage  of  convergence 
by  mixing  TDM  and  IP  voice,  and 
get  the  added  advantage  of  hav¬ 
ing  one  back  up  the  other. 

While  Merrill  Lynch  is  going 
hybrid,  CarrAmerica  Realty  is 
plowing  ahead  with  a  pure-lP 


plan.  The  realty  management 
company  is  in  the  thick  of  a 
nationwide  rollout  of  Cisco’s 
Architecture  for  Voice,  Video  and 
Integrated  Data  IP  telephony 
gear,  spreading  VoIP  to  60  offices 
nationwide  with  a  total  of  about 
1 ,000  phones. 

The  system  replaces  several 
large  Avaya  TDM-based  PBXs  and 
key  systems  with  two  redundant 
Cisco  CallManager  IP  PBXs  that 
serve  remote  offices  over  a 


nationwide  IP  WAN.The  system  is 
slick,  says  Barry  Krell,  vice  presi¬ 
dent  and  director  of  engineering 
at  the  Washington  DC.  firm,  but 
requires  a  measure  of  old-school 
telecom  practicality 
Krell’s  remote  offices  have  three 
or  more  extra  public  switched 
telephone  network  (PSTN)  lines 
so  users  can  still  make  calls  if 
there  is  an  IP  WAN  outage.  A  fea¬ 
ture  on  the  Cisco  routers  in  those 
offices  called  Survivable  Remote 


Hackers  set  up  shop 
in  state  agency’s  server 


■  BY  ELLEN  MESSMER 

Hackers  had  made  a  state  agency’s  network  their 
old  Kentucky  home  before  being  discovered  by 
auditors,  who  revealed  the  incident  publicly  last 
week. 

Kentucky  State  Auditor  Ed  Hatchett  told  reporters 
that  the  hackers,  apparently  from  France,  Croatia  and 
Canada,  broke  into  at  least  one  server  on  the  net¬ 
work  of  the  Kentucky  Transportation  Cabinet,  the 
state  agency  for  transportation  and  vehicle-registra¬ 
tion  functions.  Since  at  least  April,  the  hackers  have 
used  it  as  a  warehouse  for  pirated  movies,  music, 
electronic  games  and  DVDs.  They  probably  had 
access  to  state-held  information  such  as  driver’s 
licenses,  Hatchett  said. 

The  discovery  was  made  during  a  routine  network 
vulnerability  assessment  as  part  of  a  financial  audit. 

The  agency  wasn’t  aware  of  the  problem  until 
Hatchett  informed  it  a  few  hours  before  the  news 
was  made  public.Spokesman  Mark  Pfeiffer,acknowl- 
edging  that  at  least  one  server  at  the  agency  had 
been  hacked,  says  they  do  not  believe  internal 
records  and  billing  s>'stems  were  compromised. 

Jim  Ramsey,  CIO  for  the  Transportation  Cabinet, 
says  the  hacked  server  is  a  Microsoft  Proxy  Server 
that  was  sitting  on  the  edge  of  the  agency’s  Internet 
access  pxiint.'lt  looks  like  the  hackers  gained  access 
by  breaking  the  password  and  setting  up  a  sub- 
diret  toty  on  some  obscure  area  of  it,  loaded  an  FTP 
application,  and  used  it  to  send  files,"  he  says. "They 
essentialN  turned  it  into  a  file  cabinet" 

Ramsty,  who  sa>-s  his  job  is  probably  on  the  line, 
didn't  shirk  from  accepting  responsibility.  The 


agency  lacks  a  firewall-based  “demilitarized  zone” 
as  one  defense  to  ward  off  penetration  by  hackers. 

“We  were  just  in  the  process  of  implementing  a 
DMZ,  and  it  was  one  of  things  we  should  have  been 
doing  but  didn’t,”  Ramsey  says.  In  addition,  the 
agency  hadn’t  done  vulnerability  testing  and  has  no 
one  on  staff  with  a  high  level  of  security  experience. 
Nor  had  the  agency  received  assistance  through  out¬ 
side  contractors. 

“We  were  in  the  process  of  developing  a  security 
audit  through  state  contracts,  but  we  suspended  the 
outside  contract  because  it  cost  $60,000  and  the 
state  auditor  was  going  to  go  in  there  and  do  this,” 
says  Ramsey,  who  has  been  CIO  for  three  years.  A  big¬ 
ger  budget  for  IT  and  security  would  help  remedy 
problems,  he  adds. 

That  Microsoft  Proxy  Server  has  been  removed 
and  is  in  a  locked  room  awaiting  investigation  by  a 
forensics  team.  Ramsey  says  his  staff  has  to  stay 
away  from  the  review  because  the  agency  itself 
must  be  cleared  of  any  suspicion  it  played  a  role  in 
the  hacker  activity. 

Aldona  Valicenti,  CIO  for  the  state  of  Kentucky 
issued  a  statement  saying  his  department  “has 
worked  very  hard  to  put  in  place  statewide  policies 
and  practices  for  IT  security  including  a  so-called  En¬ 
terprise  Security  Network  Architecture  issued  July  21. 

Valicenti  said  his  office  would  seek  more  funding 
for  IT  security  and  would  undertake  a  “thorough 
review  of  IT  systems  and  a  transition  plan  to  bring 
the  Transportation  Cabinet  into  compliance”  with 
the  envisioned  IT  security  architecture.  It  also  plans 
to  send  an  independent  contractor  to  conduct  a 
review  of  the  agency:  ■ 


Site  Telephony  allows  the  router 
to  become  a  mini-PBX,  providing 
basic  call-control  features  to  IP 
phones  for  PSTN  calls.  Another 
feature  allows  the  remote  offices 
to  access  Cisco  voice  mail  servers 
in  Washington,  DC.,  via  dial-up 
modem  lines. 

“You  have  to  realize  that  it’s 
going  to  be  a  mixed  environ¬ 
ment,”  Krell  say5.“lt  has  to  be  at  this 
point  because  the  [telephony] 
world  is  still  based  on  the  PSTN.” 

One  analyst  says  projects  like 
CarrAmerica’s  are  the  exception 
rather  than  the  rule.  “Migration 
from  TDM  to  IP  is  not  going  to 
happen  in  a  few  years;  it’s  going  to 
be  decades,”  says  Ron  Gruia,  an 
analyst  with  Frost  and  Sullivan. 

One  reason  is  that  there  is  little 
impetus  now  for  big  PBX  shops  to 
swap  out  to  IP  “The  installed  base 
of  PBXs  is  much  newer  than  it  has 
ever  been  in  the  past,”  Gruia  says. 
Many  firms  bought  new  systems 
in  1998  and  1999  when  the  econ¬ 
omy  was  hot  and  Y2K  was  around 
the  corner.  Now  with  budgets 
strapped,  firms  might  sit  tight  with 
their  PBXs,  which  can  provide  a 
decade  of  usefulness. 

“My  PBX  has  five-nines  reliabil¬ 
ity’  says  James  Sposito,  a  telecom 
manager  for  Penn  State  University 
at  Altoona.  “Why  not  IP-enable 
that  PBX  instead  of  installing  a 
[server-based  IP  PBX]?” 

He  says  linking  PBXs  across 
Penn  State’s  campuses  with  IP  has 
been  a  benefit,  but  putting  IP 
phones  on  desks  is  not  in  the 
cards.  “My  goal  is  to  evolve  the 
[TDM]  switch  and  get  the  best 
performance  1  can  out  of  it. 
There’s  no  reason  for  me  to  go  to 
a  total  IP  network.” 

Still,  vendors  of  IP  voice  gear 
soldier  on.Symergy  Research  says 
the  enterprise  IP  telephony  mar¬ 


ket  reached  $850  million  in  the 
first  half  of  this  year,  up  $265  mil¬ 
lion  from  a  year  ago.  And  market 
leader  Cisco  last  week  announced 
the  shipment  of  its  2-millionth  IP 
phone. 

However,  2  million  phones  is 
only  about  one-third  of  the  TDM 
phones  corporations  will  buy  this 
year,  says  Allan  Sulkin  of  PBX 
research  firm  TEQConsulting 
Group.  And  even  by  2009,  he  pro¬ 
jects  that  IP  phone  shipments  will 
trail  PBX  phones  shipments  by 
about  3  million  units. 

Another  company  living  in  the 
TDM  world  but  with  an  eye  to  a 
future  of  pure  IP  is  EDMC.  The 
Pittsburgh  firm,  which  manages 
secondary  education  institutions, 
and  professional  training  and  cer¬ 
tification  schools  across  the 
country,  has  Siemens  HiPath 
hybrid  PBXs  in  its  main  offices 
and  satellite  offices.  These  PBXs 
are  tied  together  with  an  IP  WAN. 

While  telephony  at  EDMC  is  a 
mixed  environment,  “there’s  an 
urgency  for  us  to  be  prepared  to 
have  an  entirely  IP  voice  system” 
so  we  don’t  have  to  manage  two 
networks,  says  Derek  Fink,  assis¬ 
tant  vice  president  for  telecom  at 
EDMC.  He  says  the  goal  is  to  have 
all  voice  and  data  on  the  LAN  in 
all  branch  offices  and  running 
over  the  same  IP  backbone 
across  the  WAN. 

The  ability  to  mix  TDM  and  IP  is 
helping  the  firm  as  it  builds  out 
this  blueprint,  Fink  adds.  “We  can 
deploy  equipment  now  while  we 
work  to  upgrade  our  Cisco  net¬ 
work  to  support  the  level  of  [qual¬ 
ity  of  service]  we’ll  need,”  for  an 
all-lP  network,  he  says.  ■ 
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Solving  the  spam  equation 


ince  my  columns  about  a 
month  ago  on  what  spam  really 
costs,  1  have  received  quite  a 
few  responses.  Many  were  from  IT 
folks  who  seem  to  be  planning  to 
use  the  spreadsheet  1  provided  as  a 
cudgel  to  get  authorization  for 
action. 

One  company  sent  me  its  entire  analysis  in  an 
updated  spreadsheet  and  the  figures  were  fascinat¬ 
ing:  8,000  employees  with  e-mail,  a  fully  loaded  per- 
hour  cost  of  $27,  and  each  user  averaging  10  mes¬ 
sages  per  day  of  which  88%  are  spam.Those  para¬ 
meters  ring  up  a  total  of  $61 1,1 1 1  dollars  of  lost  pro¬ 
ductivity  annually  —  that’s  a  per-user  cost  of  about 
$76  per  year. 

Add  in  the  bandwidth  ($18,000,  with  spam  taking 
up  7%  of  the  total), storage  costs  ($1 1,600  with  6K- 
byte  average  messages  and  $2.50  per  gigabyte)  and 
support  ($65,280  for  spam)  and  the  bottom  line  is 
that  spam  costs  this  company  a  total  of  $705,748  per 
annum,  or  about  $88  per  employee,  per  year. 

Now  this  company’s  employees  are  pretty  light 
e-mail  users.  Just  consider  what  would  happen  if 
they  were  to  increase  e-mail  use  to  100  messages 
per  user,  per  day,  a  typical  volume  in  many  corpora¬ 
tions:  They  would  incur  10  times  the  cost,  or  about 
$6.3  million  per  annum. That’s  serious  money  with 


the  majority  of  the  expense  being  lost  productivity 

But  some  of  you  disagreed  with  the  concept  of  los¬ 
ing  productivity  to  spam.  One  reader  responded  with 
a  revised  spreadsheet  analyzing  the  cost  of  bath¬ 
room  breaks.  He  concluded  that  the  total  cost  of 
bathroom  breaks  per  user,  per  year  for  a  1 ,000- 
employee  operation  would  be  $4,484,000  —  almost 
$4,500  per  employee!  He  suggested  that,“The  real 
intent  of  my  parody  is  to  show  how  small  the  cost  of 
spam  is  compared  with  other  time-consuming  non¬ 
productive  work  activities.  If  we  keep  it  in  perspec¬ 
tive,  is  the  time  and  money  spent  on  spam  filtering 
really  worth  it?” 

Very  amusing,  but  might  1  be  so  bold  as  to  suggest 
that  the  comparison  is  wrong  for  a  couple  of  rea¬ 
sons.  First,  bathroom  breaks  are  not  an  optional 
expense.  Not  only  do  most  people  function  poorly 
when  they  are  prohibited  from  taking  a  bathroom 
break,  they  also  get  pretty  cranky  (and  the  law 
seems  to  have  a  few  opinions  on  the  matter). 

The  second  and  biggest  reason  is  that  spam,  unlike 
bathroom  breaks,  has  a  profound  effect  on  the  sig- 
nal-to-noise  ratio  of  e-mail,  which  for  many  organiza¬ 
tions  is  at  least  as  important  as  the  telephone. 

When  users  receive  100  or  more  messages  per  day 
with  a  significant  percentage  of  spam,  it  becomes 
highly  probable  that  they  will  miss  critical  messages. 

Look  at  it  this  way:  Would  you  tolerate  random  out¬ 


siders  doubling  the  number  of  records  in  your  data¬ 
bases  with  irrelevant  and  erroneous  data?  No  way! 

So  what  are  we  going  to  do  about  spam?  There  are 
three  things.  First,  refuse  to  do  business  with  compa¬ 
nies  that  spam.  Because  spamming  is  becoming 
commonplace, some  companies  think  it  is  therefore 
an  acceptable  way  to  conduct  business. 

For  example,  after  the  10th  spam  from  Max- 
group.com  1  spoke  to  a  representative  who  told  me 
that  the  company  used  a  bot  to  scour  Web  sites  for 
e-mail  addresses,  and  that  spamming  was  the  easiest 
and  cheapest  way  to  build  a  reseller  base. 

He  proceeded  to  go  through  the  usual  arguments 
that  it  would  only  take  me  a  few  seconds  to  delete 
the  spam  (as  if  it  were  the  only  spam)  and  that  what 
the  company  was  doing  was  perfectly  legal  (quite 
true  for  now).  He  offered  to  take  me  off  the  list  and 
yesterday  1  received  spams  1 1  and  12  from  them. 

So  not  only  do  we  not  do  business  with  these  com¬ 
panies  but  we  need  laws  to  rein  them  in. That’s  the 
second  thing. While  laws  are  not  the  ultimate  solu¬ 
tion  to  spam,  they  are  needed  to  stop  companies 
that  are  simply  taking  advantage. 

Third,  we  need  technology  There  are  all  sorts  of 
interesting  and  effective  solutions,  and  next  week  I’ll 
tell  you  what  you  can  use. 

No  spam  to  backspin@gibbs.com. 


uzz  News,  insights,  opinions  and  oddities 


By  Paul  McNamara 


DARPA  deserves  better 

Rarely  does  even  the  wackiest  idea 
crash  and  burn  so  soon  after  liftoff  — 
especially  in  Washington,  where  wacky  ideas  are  what  you  want  to  be  hiding 
under  should  there  ever  be  a  nuclear  attack,  since  so  many  seem  indestructible. 

Not  so  the  DARPA ’s  short-lived  terrorism  betting  parlor.  Dubbed  the  Policy 
Analysis  Market  (PAM),  this  attempt  to  apply  the  predictive  powers  of  futures 
trading  to  the  world  of  terrorism  prevention  fizzled  so  fast  last  week  there  really 
wasn’t  time  to  bat  it  around  on  those  screaming  contests  that  pass  for  TV  talk 
shows.  It  was  here  today,  gone  tomorrow,  lamented  by  no  one  . . .  with  the  possi¬ 
ble  exception  of  soon-to-be  former  DARPA  head  honcho  John  Poindexter,  the 
former  Navy  admiral  whose  government  career  went  down  with  this  ship. 

But  now  that  PAM  has  assumed  its  rightful  place  on  the  lips  of  late-night 
comics  —  alongside  that  other  recent  DARPA  debacle, Total  Information 
Awareness  (TIA)  —  there  remains  at  least  one  important  point  to  be  made: 

Pity  the  brilliant  men  and  women  who  for  decades  have  toiled  to  make  DARPA 
synonymous  with  government-sponsored  technological  innovation.  It  must  pain 
these  people  no  end  to  see  their  baby  become  the  butt  of  such  jokes. 

Pity,  too,  the  Bush  administration’s  decision  to  so  needlessly  politicize  DARPA 
by  appointing  the  notorious  Poindexter  in  the  first  place. 

DARPA  is  best  known  for  giving  life  to  what  we  now  know  as  the  Internet,  of 
course,  but  more  recently  the  agency  has  applied  brain  cells  and  government  dol¬ 
lars  to  the  likes  of  wavelength  division  multiplexing  and  Gigabit  Ethernet. 

Before  his  foray  into  terrorism  futures,  Poindexter  was  best  known  for  having 
skirted  the  consequences  of  his  Iran-Contra  felony  conviction  only  through  the 
good  graces  of  congressional  immunity. 

PAM  andTlA  would  have  attracted  howls  of  protest  with  or  without 
Poindexter’s  fingerprints  being  on  them.  His  involvement,  however,  all  but  assured 


that  the  missteps  would  blow  up  into  major  scandals  for  DARPA. 

As  this  column  was  being  written,  press  reports  were  making  clear  that 
Poindexter  would  walk  the  plank  over  this. 

At  least  it  can  never  be  said  that  PAM  and  TIA  failed  to  produce  benefits: 
DARPA  deserves  this  chance  to  get  its  good  name  back. 

Telemarketers  are  overacting 

Death  throes  are  not  normally  considered  high  entertainment,  but  one  must  be 
forgiven  for  taking  delight  in  such  ghoulishness  when  it  is  the  telemarketing 
industry  that  is  purportedly  doing  the  dying. 

The  telemarketing  industry  isn't  actually  dying,  of  course;  its  practitioners 
merely  are  acting  the  part  of  the  mortally  wounded  in  response  to  the  predictable 
popularity  of  the  federal  government’s  do-not-call  registry.The  FederalTrade 
Commission  reports  that  more  than  28  million  people  in  the  U.S.  have  signed  up 
to  have  peace  restored  to  their  dinnertime  hours  —  go  figure  —  and  that  the 
number  is  likely  to  rise  to  60  million  by  next  summer. 

Enforcement  of  the  list  begins  Oct.  1  unless  lawyers  unleashed  by  the  telemar¬ 
keters  succeed  in  stopping  the  launch. They  were  in  a  Denver  court  recently  seek¬ 
ing  to  block  the  FCC  regulations  that  put  this  blessed  relief  within  reach. 

The  industry's  First  Amendment  case  appears  no  more  compelling  than  your 
typical  telemarketing  pitch. 

As  for  the  industry’s  sob  story  —  it  predicts  2  million  lost  jobs  —  call  me  heart¬ 
less.  It’s  almost  certainly  true  that  the  industry  will  need  fewer  telemarketers 
once  its  list  of  available  phone  numbers  shrinks  to  the  size  of  my  city’s  white 
pages.  Some  of  those  folks  will  have  a  hard  time  finding  work.  However,  the 
majority  simply  will  make  the  transition  from  a  menial  job  that  annoys  innocent 
bystanders  to  a  menial  job  that  does  not. 

They’ll  sleep  better. 

Do  not  call . . .  write.  The  address  is  buzz@nww.com. 
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Dell  has  a  customized  IT  solution  for  your  business,  no  matter  what  business  you're  in,  or  what  size  it  is.  From  PowerEdge*' 

servers  featuring  Intel®  Xeon'“  processors  to  PowerVault”  Storage  and  PowerConnect”  switches,  Dell  offers  flexible,  high-performance 
industry-standard  technologies  and  software  solutions  that  are  just  right  for  your  particular  business  needs.  And  we'll  help  you  every  step 
along  the  way.  Whether  it's  planning  and  design,  testing  and  validation,  systems  management,  or  our  award-winning  24  x  7  service  and 
support,  Dell  will  help  you  create  an  IT  infrastructure  that's  easy  to  choose,  deploy  and  manage.  So  make  life  easy  on  yourself  and  get  a 
big  advantage  over  your  competition  -  with  a  unique  IT  solution  from  Dell. 

Dell  Rated  #1  in  Intel-Based  Server  Satisfaction 

20  Out  of  21  Consecutive  Quarters 
Technology  Business  Research 
Corporate  IT  Buying  Behavior  and  Customer  Satisfaction  Study 

Fourth  Quarter  2002 
-April  2003 
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>^'ic>ng  spec'*!Cdi>ons  availability  and  M'ms  ol  oHei  may  change  witfwut  notice  Taxes  and  shipping  chaiges  extia.  and  vary  and  not  subtect  to  discounts  U  S  Dell  Small  Business  new  purchases  only  Dell  cannot  be  held  responsible  for  errors  in  typography  or  photography  ‘This  device  has  not 
neon  approved  by  the  Fedeiai  Communications  Commission  lor  use  m  a  residential  environment  This  device  is  not.  and  may  not  be.  offered  for  sale  or  lease,  or  sold  or  leased  for  use  in  a  residential  enviionment  until  the  approval  of  the  FCC  has  bean  obtained  Service  may  be  provided  by  thud 
uni  Technician  will  be  dis, latched  loliownig  phone-based  Doubfeshooting  Sub|ect  to  parts  availability,  geographical  resliictions  and  terms  of  service  contract  Service  tuning  dependent  upon  time  of  day  call  placed  to  Dell  U  S.  only  Monthly  payment  based  on  pre^rebate  puce  for  4B-manth  60 
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FILE  AND  PRINT  SERVERS 

From  entry-level  servers  to  robust  rack-mountable  solutions  that  fit  existing  infrastructures. 


NEW  PowerEdge”  400SC  Server 

EntTY-level  Value  Server 

•  Intel* *  Celeron'  Processor  at  2GHz 

•  Upgradable  to  Intel*  Pentium*  4  Processor  at  3.20GHz 

•  800MHz  Front  Side  Bus 

•  128MB  266MH2  ECC  DDR  SDRAM  (Up  to  4GB) 

•  40GB  (7200  RPM)  IDE  Hard  Drive 

•  Embedded  Intel*  PRO  Gigabit*  NIC 

•  1-Yr  24x7  Dedicated  Server  Phone  Tech  Support 

•  1-Yr  Next  Business  Day  On-Site  Service" 

•  Small  Business  Pricing 


NEW  PowerEdge™  650  Server 

Low-Cost,  General-Purpose  1U  Server 

•  Intel’  Pentium*  4  Processor  at  2.40GHz 

•  Upgradable  to  Intel*  Pentium*  4  Processor  at  3GHz 

•  128MB  266MH2  ECC  DDR  SDRAM 

•  Upgradable  to  3GB  of  Memory 

•  20GB  (7200  RPM)  IDE  Hard  Drive 

•  Upgradable  to  146GB  of  Internal  Hard  Drive  Storage 

•  Intel*  PRO  Gigabit*  NIC 

•  3-Yr  Next  Business  Day  On-Site  Service" 

•  Small  Business  Pricing 


5399 


E-VALUECode:  18598-S20803g 


51199 


as  low  as  $32/mo..  (46  pmts®) 

E-VALUE  Code:  18538-S20811g 


DATABASE  AND  WEB  HOSTING  SERVERS 
Application-specific  servers  that  can  meet  most  any  challenge. 


PowerEdge"*  2600  Server 

High-Performance  Tower  Server 

•  Intel*  Xeon“  Processor  at  2.80GHz 

•  Dual  Intel*  Xeon*  Processor  Capable  (Up  to  3.06GHz) 

•  512MB  200MHz  ECC  DDR  SDRAM  (Up  to  6GS) 

•  Upgradable  to  6GB  of  Memory 

•  36GB  (10K  RPM)  Ultra320  SCSI  Hot-Swap  Hard  Drive 

•  Active  ID  Bezel  for  Manageability 

•  3-Yr  Next  Business  Day  On-Site  Service" 

•  Small  Business  Pricing 

$43/mo.,  (46  pmts?“| 

*1'  1^  J  J  E-VALUE  Code:  18598-S20815 


NEW  PowerEdge'”  1750  Server 

1U  High-Performance  Rack  Server 

•  Intel®  Xeon*  Processor  at  2.40GHz 

•  Dual  Intel®  Xeon*  Processor  Capable  (Up  to  3.06GHz) 

•  256MB  266MHz  ECC  DDR  SDRAM  (Up  to  8GB) 

•  36GB  (10K  RPM)  Ultra320  SCSI  Hot-Swap  Hard  Drive 

•  Integrated  Dual-Channel  Ultra320  SCSI  Controller 

•  Active  ID  Front  Bezel  for  Monitoring  System  Health 

•  3-Yr  Next  Business  Day  On-Site  Service" 

•  Small  Business  Pricing 

^  ^  as  low  as  $46/mo.,  (46  pmts*) 

V  E-VALUE  Code:  18598-S20816g 


SERVICES 

Purchase 

•  Dell  offers  a  wide  range  of  reliable,  award-winning 
technology,  all  delivered  from  a  single  point  of 
contact  -  and  our  expert  sales  associates  are 
there  to  help  you  find  the  technology  that's  right  for 
your  business. 

Installation  ~  Starting  at  $199 

•  Once  you've  selected  the  right  technology,  Dell  can 
help  you  get  it  up  and  running  quickly  and  cost- 
effectively  with  our  custom  on-site  installation  and 
configuration  services. 

Training  &  Certification  -  Starting  at  $100 

•  After  installation,  Dell  can  help  turn  your  employees 
or  IT  staff  into  experts  on  your  new  technology 
through  a  variety  of  training  and  certification  courses  - 
helping  increase  your  business'  long-term  productivity. 

Service  &  Support 

•  The  support  doesn't  end  at  the  sale.  Dell's  award¬ 
winning  service  and  support  offerings  help  ensure 

that  your  new  network  remains  up  and  running  - 

with  Web,  phone  or  on-site  service^  and  support. 


4-WAY  SERVERS 

Handle  intense  networking  needs  with  ease. 

PowerEdge'”  6600/6650  Servers 

Quad  Processing  Power  in  Rack-Mountable  or 
Tower  Form  Factors 

•  Up  to  Four  Intel*  Xeon*  Processors  at  2GHz 

•  Up  to  32GB  DDR200  ECC  SDRAM 

•  Up  to  1752GB  Maximum  Internal  HDD  Storage 

•  Embedded  Ultra  SCSI  Adaptec®  (160MB/s|  Controller 

•  Standard  Hot-Swap  Hard  Drives,  Hot-Swap  Redundant  Fans 
and  Hot-Swap  Redundant  Power  Supplies 

•  10  Hot-Plug  PCI-X  Slots 

as  low  as  $148/mo..  (46  pmts*) 

starting  at  w 


NETWORK  SWITCHES 
Design  a  powerful  network  with  scalable, 
high-performance  switches. 


PowerConnecf”  2000/3000/5000  Switches 

PowerConnect*  2000  Series  -  Starting  at  $89 

•  Affordable,  Easy-to-lnstall  Unmanaged  Switches 

PowerConnect*  3000*  Series  -  Starting  at  $549 

•  Stackable,  Enterprise-Class  Managed  Switches 

•  Advanced  Management  via  Browser  or  Industry-Standard  CLI 

PowerConnect*  5000*  Series  -  Starting  at  $1199 

•  High-Performance,  All-Gigabit  Managed  Switches 

•  Layer-3  Aware  Class  of  Senrice  Prioritization 

Next  Business  Day  Advanced  Exchanged  Service""  Included 


STORAGE  OPTIONS 
Improve  your  network's  capabilities. 

Dell  PowerVauir  725N  NAS 


Optimized  File  Storage  Across  the  LAN 

•  Intel®  Celeron®  Processor  at  1 .70GHz 

•  Upgradable  to  Intel®  Pentium*  4  Processor  at  2.60GHz 
•4x40GB(1BOGB)IDE  Hard  Drives 

•  Up  to  1  Terabyte  of  Internal  Storage  Capacity 

•  Microsoft*  Windows*  Powered  Network  Attached  Storage 


51799 


as  low  as  $49/mo.,  (46  pmts”) 

E-VALUE  Code:  18598-S20717n 


Dell  I  EMC 


If  you  have  more  than  300GB  of  storage,  visit  wvvw.dell.com/storage4mybi2 
for  low  prices  on  Dell/EMC  storage  arrays. 


Solutions  that  fit. 


Easy  as 


Click  www.dell.com/bizsolutions 


Call  1-877-361-3355 

toll  free 


credit  'This  term  indicates  compliance  with  IEEE  standard  802  3ab  for  Gigabit  Ethernet,  and  does  not  connote  actual  operating  speed  of  IGB/sec  For  high-speed  transmission,  connection  to  a  Gigabit  Ethernet  server  and  network  mlrastructure  is  required.  "Technician, 
leplacement  part  or  unit  (depending  on  service  contracll  will  be  dispatched  if  necessary  following  phone-based  troubleshooting  in  advance  of  receipt  of  returned  defective  unit  Service  may  be  provided  by  third  pany  provider.  Subiect  to  parts  availability,  geographical 
restrictions  and  terms  of  service  contract  Senrice  timing  dependent  upon  time  of  day  call  placed  to  Dell  Detective  unit  must  be  returned  Replacements  may  be  refurbished  U.S  only  Dell,  the  st^ized  E  logo.  E-Value.  PowerEdge.  PowerConnect  and  PowerVault  ate  ttadeniarXs 
of  Dell  Computet  Corporation  Intel.  Intel  Inside,  the  Intel  Inside  logo.  Intel  Xeon.  the  Intel  Xeon  logo.  Pentium  and  Celeron  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries  £>21X13  Dell  Computer 
CorpTHation  All  rights  reseived 


Router  with 
fiiowall.  VPN  and 
T1 OSU/CSU 

(at  half 
the  price). 

The  NetVhnta  3305  from  ADTRAN". 

For  some  time  now,  you’ve  been  buying  access  routers  a 
certain  way.  Perhaps  without  giving  it  a  second  thought. 

Now  there’s  good  reason  to  look  around — the  NetVanta  3000 
Series  from  ADTRAN.  These  routers  do  the  same  work  as 
other  brand  name  routers,  at  a  cost  that’s  up  to  55  percent 
less.  Designed  with  a  familiar  CLl,  NetVanta  3000  Series  routers 
fit  seamlessly  into  existing  operations.  No  costly  training  or 
recertification.  Built  to  ADTRAN  quality  standards,  this 
low-cost  alternative  is  backed  by  a  5-year  warranty  and 
free  pre-  and  post-sales  telephone  technical  support. 


Uncompromising  quality.  Affordable  price.  There's  no  better  value 
in  access  routers  than  the  NetVanta  3000  Series  from  ADTRAN. 


Why  pay  more? 


;  ‘.7 


Take  the  CLl  Challenge!  Receive  a  free  T-Shirt! 

v\fv\/y\f. adtrBn.com/info/yvhy pa  ymore 

877.767.6022  Technical  Questions 
877.280.8416  Where  to  Buy 
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Experts  choose  ADTRANr 


AolRAri 


IX/ 

Copvrighi©2aB  ADTRAN  Inc  A*  .iflhts  res«rved,  ADTRAN  and  NetVanta  are  trademarks  of  ADTRAN,  Inc.  EN55C052603NW 


